Antonio Gonzalez Burgueño

The title of his thesis is “Formal Analysis for Security Ceremonies” and the given topic for his trial lecture was “Verifying and attacking machine learning systems for cyber security”.

In this thesis, he has developed a mathematical framework that can be used to accurately represent and reason about communication processes that include different kinds of actors, including human beings, with different capabilities and knowledge.

He has also used this mathematical framework to analyze the security properties of a range of systems, including the YubiKey authentication device and its secure hardware module (YubiHSM) used by a wide range of companies like Google, Facebook, GitHub or Microsoft. Furthermore, it provided him with the possibility to analyze security properties as secrecy and authentication in communication processes in which different actors with different capabilities and knowledge, including human beings, can interact to achieve a common goal.

He also presents how some of today’s modern security systems, as the RSA Laboratories Public Key Standards PKCS#11, a standard in the industry, the YubiKey, and the YubiHSM, can be logically and automatically analyzed using the state-of-the-art Maude-NPA security analysis tool. This research progresses with the research on the PKCS#11 verification by performing the API analysis in a more general and realistic model than in other previous works. Besides, by using the Maude-NPA tool, we can perform the analysis of the PKCS#11 API in a fully-unbounded session model. Furthermore, in the YubiKey and YubiHSM devices’ analysis, we automatically prove the secrecy and authentication properties of YubiKey and found two different attacks on the YubiHSM HSM, going further than any other previous work.

The following committee has been appointed to evaluate his thesis, trial lecture and defense:

• First external opponent: Associate Professor Osman Hasan, National University of Science & Technology, Pakistan.
• Second external opponent: Senior Scientist Gudmund Grov, Norwegian Defence Establishment, Norway.
• Internal member and committee administrator: Associate Professor Nils Gruschka, Department of Informatics, University of Oslo, Norway.
• Chair of defence: Associate Professor Petter Nielsen, Department of Informatics, UiO

Antonio Gonzalez Burgueño carried out his PhD work at the Department of Informatics, Faculty of Mathematics and Natural Sciences, University of Oslo.

His main supervisor was Professor Peter Csaba Ølveczky, Department of Informatics, UiO and co-supervisor Professor Olaf Owe, Department of Informatics, UiO.

Congratulations!

Srimathi Varadharajan successfully completed her PhD trial lecture and thesis defense at the University of Bergen, on the 22nd November 2019 and on the 28th of April 2020, respectively, and will be awarded the degree of Doctor of Philosophy.

The title of her thesis is “Hard Mathematical Problems in Cryptography and Coding Theory” and the topic of her trail lecture was: “Fermat’s last theorem”.

Cryptography and code theory are two important fields of communication exchange. Code theory is about how information can be represented in a way that makes it possible to automatically correct errors that occur during shipping. Cryptography deals with techniques to keep information secret and to ensure that information has not been changed between sender and recipient. Both fields are based on difficult mathematical problems.

Srimathi’s dissertation deals with a variety of such problems and studies possible algorithms to solve them. One example of such a problem is the factoring of large numbers into their prime factors, which form the basis for much of the security of the Internet today. Another example is the problem of finding the shortest vector in a so-called lattice. It is known that a quantum computer can effectively solve the factorization problem, while it is believed that it is not possible to effectively solve the shortest-vector problem, even with a quantum computer. Lattice-based cryptography is therefore a good candidate for securing the Internet of the future, and it is important to understand how difficult this problem is and what makes it difficult.

Srimathi Varadharajan carried out her PhD work at the Department of Informatics, University of Bergen.

Her main supervisor was Håvard Raddum, Simula.

Congratulations!

Samson Yoseph Esayas successfully completed his PhD trial lecture and thesis defense at the University of Oslo on Monday, the 20th of April 2020 and will be awarded the degree of Doctor of Philosophy.

The title of his thesis is “Data Privacy and Competition Law in the Age of Big Data. The Commercialization of Personal Data and Its Implications for the Foundations and Policy Boundaries of Data Privacy and Competition Law” and the given topic for his trial lecture was “The Interface between Data Protection Rules and Competition Law”.

In recent years, we have seen the emergence of companies where the core of business models is built around monetization of users’ personal data. At the forefront of this effort, we find companies such as Google and Facebook, which collect and analyze huge amounts of consumer data – where they are, what devices they use, what they buy and various categories of their online behavior. The availability of such huge amounts of data allows these companies to deliver accurate online advertising. This ad-based business model has enabled these companies to climb to the top of the hierarchy of the most valuable businesses.

The commercialization of personal data drives companies to expand the scope and scope of data collection, which in turn creates significant challenges for the application of EU privacy rules. Google’s aggressive expansion into a number of new product areas is a case in point, as the company collects and combines personal information from more than 100 consumer-focused services.

The thesis argues that such a development gives rise to two important challenges – one institutional and the other material. The institutional challenge is related to the difficulty of applying current rules as companies begin to collect and combine data across hundreds of services – that is, a scaling issue. This is because the application of the rules is based on the possibility of separating the various services for which the data is collected (processing activities) and relating each individual personal data to one specific service (processing activity). The material challenge is linked to the inadequacy of current rules when dealing with emergent privacy risks, such as overexposure of the individual and loss of practical access barriers. These risks are “emergent” in the sense that the sum, that is, the data aggregated from the numerous services contains risks not found in the individual data sets (treatment activities). In light of these challenges, the dissertation emphasizes the need for a holistic approach that considers imposing increased responsibilities on some entities, taking into account the totality of the processing activities and the practice of data aggregation.

With the commercialization of personal data, competition supervision in the EU and the US has begun to recognize privacy as a competitive parameter that is not about price. Despite this recognition, there is little general theoretical literature on this topic. The dissertation seeks to fill this void by outlining various claims theories to incorporate privacy as a non-price element into merger assessments, and to discuss various anti-competitive practices affecting privacy.

Privacy cartels: At the center of the competition rules is the ban on cartels – rival companies are prohibited from entering into price agreements. However, price as a competitive parameter is largely absent in many digital services, where users often “pay” by handing over their personal information. The question is whether users’ privacy can become the new arena for cartel agreements. The answer is yes, it can be – and it has been. The agreement between Google and Eyeo, the company that owns the Adblock Plus anti-tracking and ad blocking software, is a good example. Google paid Eyeo millions for Eyeo agreeing to curtail ad blocking activity and scale down investment in the market. The German and Austrian Competition Authority decided that the agreement was anti-competitive.

The thesis makes use of elements of system theory, in particular the concept of emergent properties to answer the research questions. In particular, two lessons learned from emergent properties are worth highlighting: first, although the idea of ​​”one thing at a time” is a useful guiding principle in life, it may not be appropriate in a world where the line between one thing and another is unclear. Even more important is that the law in general, but the privacy and competition law in particular, recognizes the possibility that the sum of fully lawful behaviors can nevertheless create behaviors that are not in compliance with the law or that violate the intent of the law.

The following committee has been appointed to evaluate his thesis, trial lecture and defense:

• First external opponent: Professor Björn Lundqvist, Stockholm University, Sweden.
• Second external opponent: Professor Orla Lynskey, London School of Economics and Political Science, UK.
• Internal member: Professor Eirik Østerud, University of Oslo.
• Head of defence: Deputy Dean Tarjei Bekkedal

Samson Yoseph Esayas carried out his PhD work at the Department of Private Law, University of Oslo.

His main supervisor was Professor Lee Andrew Bygrave, Department of Private Law, University of Oslo and co-supervisor Professor Inger Ørstavik, Department of Private Law, University of Oslo.

Congratulations!

Desta Haileselassie Hagos successfully completed his PhD trial lecture and thesis defense at the University of Oslo on Wednesday, the 15th of April 2020 and will be awarded the degree of Doctor of Philosophy.

The title of his thesis is “Discovering the Dynamic Complexity of TCP Using Machine Learning and Deep Learning Techniques” and the given topic for his trial lecture was “MultiPath TCP and RTP / RTCP protocols: motivations, mechanisms, deployment, and performances”.

The doctoral thesis mainly focuses on monitoring of internal TCP conditions in the end nodes, based on analysis of passive traffic measurements carried out in an intermediate node in the network. The research is believed to be industry-relevant, as passive traffic measurement is a method increasingly used by network operators and Internet service providers to analyze the communication performance of network-based applications and services. The work proposes different models and solutions for predicting TCP conditions in the end node, and presents experiments that indicate that the predictions provide relatively good accuracy over different validation scenarios and over the use of different TCP variants.

The work presented in this dissertation aims to obtain detailed knowledge about the end hosts by monitoring information of the packets that pass through the network, and by employing machine learning and deep learning-based techniques on the monitored network traffic. Since machine learning and deep learning methods are good at coping with complex tasks and massive amounts of data, they might play an important role in predicting the TCP per-connection internal states. Understanding the dynamic complexity of the internal states of TCP is a fundamental challenge, and especially demanding due to the dynamics and complexity of modern networks. Even though this is the main objective of the dissertation, our work shows that related techniques can also be used to find other information about the hosts,

The analyzes of this dissertation focus mainly on TCP internal state monitoring from passive traffic measurements. We believe that our work will be useful to the industry as passive measurements are becoming increasingly useful for network operators and Internet Service Providers to evaluate the communication performance of applications and services running on their networks. Our experimental results indicate the effectiveness of the proposed prediction models with reasonably good accuracy across different validation scenarios and multiple TCP variants

The following committee has been appointed to evaluate his thesis, trial lecture and defense:

• First external opponent: Professor Nadjib Aait Saadi, UVSQ Paris-Saclay University, France.
• Second external opponent: Associate Professor Marija Slavkovik, University of Bergen, Norway.
• Internal member and committee administrator: Professor Josef Noll, Department of Technology Systems, University of Oslo.

Desta Haileselassie Hagos carried out his PhD work at the Department of Technology Systems, University of Oslo.

His main supervisor was Professor Paal Einar Engelstad, Department of Technology Systems, University of Oslo and co-supervisors Professor Øivind Kure, Department of Technology Systems, University of Oslo and Professor Anis Yazidi, OsloMet.

Congratulations!

Benjamin James Knox successfully completed his PhD trial lecture and thesis defense at the Norwegian University of Science and Technology on Friday, the 29th of May 2020 and will be awarded the degree of Doctor of Philosophy in Information Security and Communication Technology.

The title of his thesis is “Cyberpower Praxis: A Study of Ways to Improve Understanding and Governance in the Cyber Domain” and the given topic for his trial lecture was “Gamification and information privacy education”.

His thesis presents a route to better cyberpower praxis by encouraging a more open, holistic and flexible way of thinking about competence development for learners in the cyber domain. Attempting to combine capacities and skills on multiple plains via alternative forms of education can help build understanding around a common goal of harnessing or defeating cyberpower effects.

Deterring threats and reducing an adversary’s attack surface in the cyber domain is complex and requires multiple levels of control. One such level is the human cyber operator. The task characteristics of cyberspace operations require effective coordination between multiple agents and asset types (human, technical, tangible and intangible). To support performance, cyberoperators will likely benefit from the psychological characteristics of cognitive agility: self-regulated individuals with openness, flexibility, and adaptability. Therefore, the objective of his thesis is to identify ways to develop the cognitive competencies that support better domain cognisance and self-governance capabilities among novice level cyber operators.

The following committee has been appointed to evaluate his thesis, trial lecture and defense:

• First external opponent: Professor Emeritus Rossouw von Solms, Department of Computer Science & Information Technology, School of Information and Communication Technology, Nelson Mandela University, Port Elizabeth, South Africa.
• Second external opponent: Assistant Professor Aggeliki Tsohou, Department of Informatics, Faculty of Information Sciences and Informatics, Ionian University, Corfu, Greece.
• Internal member and committee administrator: Associate Professor Basel Katt, Department of Information Security and Communication Technology, NTNU Gjøvik.

Benjamin James Knox carried out his PhD work at the Department of Information Security and Communication Technology, NTNU in Gjøvik.

His main supervisor was Professor Sokratis Katsikas, Department of Information Security and Communication Technology, NTNU and co-supervisors Professor Kirsi Helkala, Norwegian Defence Cyber Academy, and Professor Stefan Sütterlin, Østfold University College.

Congratulations!

The title of his thesis is “A Multi-Discipline Approach for Enhancing Developer Learning in Software Security” and the given topic for his trial lecture was “Quantitative Approaches to Software Quality Measurement”.

Today’s software is still insecure. Many software developers lack knowledge about secure software development and that is a major problem.

Wen’s thesis investigates how developers’ learning of software security can be enhanced and draws from cross-disciplinary thinking at the intersections of sociology, education, software engineering and others.

The contextual factors that affect developers’ learning of software security are investigated and a context-based learning tool for effective security education and learning is suggested. With that, this thesis contributes to the fields of software development and security education.

The following committee has been appointed to evaluate his thesis, trial lecture and defense:

• First external opponent: Associate Professor Lynn Futcher, Department of Information Technology, School of Information and Communication Technology, Nelson Mandela University, Port Elizabeth, South Africa.
• Second external opponent: Associate Professor Anh Nguyen Duc, Department of Business and IT, School of Business, The University of South-Eastern Norway (USN), Bø, Norway.
• Internal member and committee administrator: Associate Professor Hao Wang, Department of Computer Science, NTNU, Gjøvik, Norway.

Shao-Fang Wen carried out his PhD work at the Department of Information Security and Communication Technology, NTNU in Gjøvik.

His main supervisor was Associate Professor Basel Katt, Department of Information Security and Communication Technology, NTNU and co-supervisors Professor Stewart James Kowalski, Department of Information Security and Communication Technology, NTNU, and Professor Rune Hjelsvold, Department of Computer Science, NTNU.

Congratulations!

GDPR enforcement has begun, and your organization can’t afford inadequate compliance. As of July 2019, data protection authorities have announced 360 million euros in fines against organizations ranging from real estate management firms to hotel chains to airlines. More than 300,000 cases and complaints are pending with authorities across the EU.

The IAPP’s GDPR Ready training was organized to

• understand GDPR requirements,
• know which provisions apply to your organization,
• learn how to design a response that meets regulatory requirements and builds customers’ confidence
• gain the knowledge to become a GDPR-ready privacy pro or the certified DPO (data protection officer) so many organizations need. (The IAPP estimates it will take 75,000 DPOs to meet GDPR compliance requirements.)

GDPR compliance starts with knowledge.

Recent research has established that it takes more than 20 hours of training just to acquire a workable understanding of the GDPR, and even more to prepare for a DPO position. The IAPP’s GDPR Ready training courses are recognized as the most effective way to prepare for these all-important roles.

COINS supported Shukun Tokas to attend the IAPP’s GDPR Ready 4-Day Bundle in London, UK.

Pawel Grzegorz Drozdowski

The title of his thesis is “Efficient privacy-preserving biometric identification in large-scale multibiometric systems” and the given topic for his trial lecture was “Balancing Privacy vs Security in Modern Societies”.

Nowadays, biometrics find application as an integral component of identity management systems. The recent rapid growth of size and popularity of such systems has prompted research into technologies which support efficient, secure, and accurate processing of large amounts of biometric data.

The goal of this thesis is development of computationally efficient algorithms and data structures specifically for biometric identification (1:N search). The methods proposed in the thesis facilitate real-time search queries on large biometric datasets, while simultaneously assuring biometric data protection and incorporating multi-biometric information fusion.

The following committee has been appointed to evaluate his thesis, trial lecture and defense:

• First external opponent: Associate professor Vitomir Štruc, Faculty of Electrical Engineering, University of Ljubljana, Slovenia.
• Second external opponent: Associate Professor Hugo Pedro Proença, Department of Computer Science, University of Beira Interior, Portugal.
• Internal member and committee administrator: Associate Professor Sule Yildirim Yayilgan, Department of Information Security and Communication Technology, NTNU in Gjøvik, Norway.

Pawel Grzegorz Drozdowski carried out his PhD work at the Department of Information Security and Communication Technology, NTNU in Gjøvik.

His main supervisor was Professor Christoph Busch, Department of Information Security and Communication Technology, NTNU and co-supervisor Dr. Christian Rathgeb, Hochschule Darmstadt, Germany.

Congratulations!

Asiacrypt 2019

Asiacrypt 2019 was organized by the International Association for Cryptologic Research (IACR) in cooperation with the technical group on Information Security(ISEC) of Institute of Electronics, Information and Communication Engineers(IEICE).

COINS supported Shuang Wu to attend the Asiacrypt 2019 in Kobe, Japan.

Herman Galteland successfully completed his fully digital PhD trial lecture and thesis defense at the Norwegian University of Science and Technology on Wednesday, the 15th of April 2020 and will be awarded the degree of Doctor of Philosophy in Mathematical Sciences.

The title of his thesis is “Malicious cryptography” and the given topic for his trial lecture was “Morality and Ethics of Cryptographic Work”.

The following committee has been appointed to evaluate his thesis, trial lecture and defense:

• First external opponent: Professor Liqun Chen, Department of Computer Science, University of Surrey, Surrey, UK.
• Second external opponent: Chief Research Scientist Martijn Stam, Simula UiB, Bergen, Norway.
• Internal member and committee administrator: Associate Professor Jiaxin Pan, Department of Mathematical Sciences, NTNU, Trondheim, Norway.

Herman Galteland carried out his PhD work at the Department of Mathematical Sciences, NTNU in Trondheim.

His main supervisor was Professor Kristian Gjøsteen, Department of Mathematical Sciences, NTNU and co-supervisor Professor Colin Alexander Boyd, Department of Information Security and Communication Technology, NTNU.

Congratulations!

The title of his thesis is “New Approaches to the Cryptanalysis of Block Ciphers” and the given topic for his trial lecture was “Side channel cryptanalysis and countermeasures”.

The following committee has been appointed to evaluate his thesis, trial lecture and defense:

• First external opponent: Professor Gregor Leander, Ruhr-University Bochum, Germany.
• Second external opponent: Senior Researcher HDR Maria Naya-Plasenci, INRIA Paris, France.
• Internal member and administrator: George Petrides, Associate Professor, Department of Informatics, University of Bergen.
• Leder of the defense Professor Trond Steihaug, Department of Informatics, University of Bergen.

Navid Ghaedi Bardeh carried out his PhD work at the Department of Informatics, University of Bergen.

His main supervisor was Associate Professor Sondre Rønjom, Department of Informatics, University of Bergen and co-supervisors were Professor Emeritus Tor Helleseth and Associate Professor Chunlei Li, both from Department of Informatics, University of Bergen.

Congratulations!

Norsk Kryptoseminar (The Norwegian Crypto Seminar) is an event that was started in 1998. The purpose was to bring together the cryptology environments in Norway to promote theory and practice in cryptology. The seminar was open to anyone who works with cryptology in Norway.

COINS supported seven students to attend the Norsk Kryptroseminar 2020 in Kjeller: Thor Tunge, Bor de Kock, Mattia Veroni, Morten Solberg, Lise Millerjord, Magnus Ringerud, Tjerand Aga Silde and Morten Øygarden. Here is their combined report from the event. A separete report of Morten Øygarden you can find here.

The title of his thesis is “Security in Interconnected Network Function Virtualisation Environments” and the given topic for his trial lecture was “Utilizing SDN in IoT-based Systems”.

Network Functions Virtualization (NFV) aims to change how network operators
handle their network equipment. It also aims to change how end-users shop their
network service. NFV is a paradigm shift of networking which consists of moving
the physical network appliances from hardware to software. This enables providers
to run these network devices in remote data centres. One example of this concept is
that end-users do no longer need to have a stack of residential network equipment.
They can simply move their network devices to the cloud. This concept of virtualising
network equipment has the potential to significantly reduce hardware cost,
decrease the time-to-market, expand the lifetime of the network devices and save
operational expenses. However, security remains a major concern for operators
and end-users before they are willing to adopt the technology more widely. The
border security arranged by physical network devices becomes more unclear for
the end-users, and they can easily question who has access to their virtual network
devices. The concept of virtualisation also enables the virtual network devices to
be run at any service provider. Then, this also questions what provider who has
access to what data. If all network traffic from the end-users are going through
multiple services at multiple providers, then the end-user can question, who has
access to what and who can access their data traffic? In fact, the end-users have
very little control over this. However, it is obvious that the privacy of the end-users
is important. They should be able to know what provider who can access their data
traffic, who can access what and whether they share an NFV network service with
someone else. They should also be able to know if their homes are protected from
cyber-attacks.
Correspondingly, the main objective of this research is to provide a mechanism
which ensures the confidentiality, integrity and availability of the end-users’ NFV
traffic. In particular, it aims to secure end-user communication when Internet Service
Providers are sharing virtual network service platforms between each other.
This includes protecting the integrity of the data traffic and achieving data traffic
confidentiality, which currently is very limited in NFV environments.
The first part of the research contains a study of the security implications of putting a virtual networking device into the cloud. This research aims to put a focus on
the aforementioned research challenge and investigate what security mechanisms
which can be used to achieve integrity and confidentiality. This research challenges
the current standards and asks whom the end-user can trust in a multi-provider
NFV environment. Further, this research results in a set of requirements which
must be fulfilled in order to achieve the security objectives.
These security concerns present a major obstacle for NFV adoption. Hence, the
second part of the research presents an architecture of how to overcome these
security challenges. The focus in these studies concerns how the access control can
be achieved by low-level packet isolation and how it can be abstracted to network
orchestration policies. The key elements in this research challenge are how to
exchange keys and how to steer encrypted data packets.
The last part of the research is related to the development of a framework which
supports the confidentiality, integrity and the availability of the data traffic in NFV.
Here, this research aimed to verify that the implementation of the architecture fulfils
the requirements which were developed in the first part of this research. The
final results show that these requirements are fulfilled. In the context of NFV adoption,
this research contribution of access control and confidentiality can affect the
perspective of security and trust in NFV networks for both end-users and operators.
Correspondingly, it can also have an impact on NFV adoption in general.

The following committee has been appointed to evaluate his thesis, trial lecture and defense:

• First external opponent: Professor Lars Dittmann, Department of Photonics Engineering, Technical University of Denmark (DTU), Lyngby, Denmark.
• Second external opponent: Associate Professor Sandra Scott-Hayward, Institute of Electronics, Communications & Information Technology, Queen’s University Belfast, Belfast, United Kingdom.
• Internal member and committee administrator: Professor Peter Herrmann, Department of Information Security and Communication Technology, NTNU, Trondheim, Norway.

Håkon Gunleifsen carried out his PhD work at the Department of Information Security and Communication Technology, NTNU in Gjøvik.

His main supervisor was Associate Professor Thomas Kemmerich, Department of Information Security and Communication Technology, NTNU and co-supervisor Professor Slobodan Petrović, Department of Information Security and Communication Technology, NTNU.

Congratulations!

Jayachander Surbiryala successfully completed his PhD trial lecture and thesis defense at the University of Stavanger, the 2nd of December 2019 and will be awarded the degree of Doctor of Philosophy.

The title of his thesis is “Information Processing in the Cloud. Resource Allocation and Security Perspective” and the given topic for his trial lecture was “Cryptographic Improvements in TLS 1.3 over 1.2: Whys and Hows”.

The following committee has been appointed to evaluate his thesis, trial lecture and defense:

• First external opponent: Professor Vladimir Oleshchuk, University of Agder, Grimstad, Norway.
• Second external opponent: Professor Tingting Zhang, Mid Sweden University, Sweden.
• Internal member: Associate Professor Leander Jehl, Department of Electrical Engineering and Computer Science, University of Stavanger.
• Leader of the defence: Head of department Tom Ryen, Department of Electrical Engineering and Computer Science, University of Stavanger.

Jayachander Surbiryala carried out his PhD work at the Department of Electrical Engineering and Computer Science, University of Stavanger in Stavanger.

His main supervisor was Professor Chunming Rong, University of Stavanger and co-supervisor Associate Professor Chunlei Li, University of Bergen.

Congratulations!

The aim of the NISK conference series was to be the principal Norwegian research venue for presenting and discussing developments in the field of ICT security and privacy, and bringing together people from universities, industry, and public authorities.

Both national and international contributions by researchers, practitioners, and PhD- and Master thesis students presenting new problems and solutions within topics on ICT security were invited.

NISK 2019 conference was co-located with COINS Ph.D. student seminar. COINS supported several students to attend the NISK 2019 in Narvik, Norway.

Here are their reports:

• Berglind Fjola Smaradottir
• Aida Akbarzadeh
• Mazaher Kianpour

Ambika Shrestha Chitrakar

The title of her thesis is “Constrained Approximate Search and Data Reduction Techniques in Cybersecurity and Digital Forensics” and the given topic for her trial lecture was “Quantum computing and security of the stream ciphers”.

Cybersecurity and digital forensics are two important fields for any society and business. Research in these fields is necessary to battle with the increasing digital crimes and investigations.

Advancement in digital technology, increasing number of digital sources, knowledge being easily accessible, and the increasing capability of the attackers bring many challenges in these domains. It is a necessity to be proactive and understand how the attackers think and how they can evade traditional defense tools and methods from their detection. This research work focuses on contributing to the state-of-the-art of mainly two issues in cybersecurity and digital forensics. The first one is for the challenges related to the search algorithms and the second one is for the challenges related to reducing the size of data for analysis.

The following committee has been appointed to evaluate her thesis, trial lecture and defense:

• First external opponent: Dr Luis Hernandez Encinas, Department of Information and Communication Technologies (TIC), Institute of Physical and Information Technologies (ITEFI), Spanish National Research Council (CSIC), Madrid, Spain.
• Second external opponent: Professor Vladimir Oleshchuk, University of Agder, Grimstad, Norway.
• Internal member and committee administrator: Associate Professor Sule Yildirim-Yayilgan, Department of Information Security and Communication Technology, NTNU, Gjøvik, Norway.

Ambika Shrestha Chitrakar carried out her PhD work at the Department of Information Security and Communication Technology, NTNU in Gjøvik.

Her main supervisor was Professor Slobodan Petrović, Department of Information Security and Communication Technology, NTNU and co-supervisor Professor Katrin Franke, Department of Information Security and Communication Technology, NTNU.

Congratulations!

Decentralized has established itself as Europe’s premier conference on blockchain and digital currencies. Decentralized 2019 is one of the most popular events in Europe.

It hosted a total of 1500+ attendees, 40+ sponsors, 100+ speakers, 20+ exhibitors, 30+ media partners and attendees from 50+ countries. It was truly a global event with a focus on blockchain and decentralized ledger technology.

The Decentralized 2019 event brought the best academic experts and business executives from all around the world. They debated on future developments and current trends which were spread across three conference tracks.

• Business: Business leaders and executives discussed how digital currencies and blockchain have the potential to disrupt businesses.
• Technology: The professionals from digital currency and blockchain took on the latest development
• Academia: The researchers discussed how the blockchain space looks exciting and share their research.

COINS supported Abylay Satybaldy to attend the Decentralized 2019 in Athens, Greece.

The 3rd biannual IEEE Nordic Student and Young Professionals Congress 2019 was co-hosted by the IEEE Sweden Young Professionals affinity group and the IEEE Finland Young Professionals affinity group, with support from the respective student branches and women in engineering affinity groups.

The theme of this year’s event was sustainability, and all the lectures and workshops followed that theme. 5G solutions, smart cities, electric and smart vehicles, and smart energy storage are just some of the topics that were discussed during this year’s IEEE Nordic SYP.

The event began on Friday the 25th of October. Participants have taken from Arlanda airport to the cruise ship to set sail for Finland. Boarding began at 16:30. The attendees were then able to attend IEEE workshops and presentations on Friday evening before dinner, and a night’s entertainment.

After breakfast, the cruise arrived in Helsinki on Saturday morning at approximately 10:00 am. The day in Helsinki was based around the industry with talks from leading Nordic tech companies like Nokia.

Attendees then boarded the cruise ship again, for another evening of IEEE talks and workshops, followed by Gala dinner. After breakfast Sunday morning, the cruise arrived in Stockholm where there was a similar day of industry talks and workshops. The event was brought to a close Sunday evening and attendees were treated to a night of sightseeing and entertainment in Stockholm.

After breakfast on Monday morning, attendees were given help to get back to Arlanda to get their flights home.

COINS supported three students: Ashish Rauniyar, Debesh Jha and Desta Haileselassie Hagos to attend the IEEE Nordic Student and Young Professionals Congress 2019 in Helsinki, Finland / Stockholm, Sweden.

The title of his thesis is “Deep Learning for Fingerprint Recognition Systems” and the given topic for his trial lecture was “From Machine Learning to Deep Learning: Methods, Contour Conditions and Applications”.

Biometric recognition is a typical means to identify individuals or to verify claimed
identities. Use cases are manifold. For example, users can unlock their smartphones
for convenience by presenting their faces or fingerprints. Or one’s identity
is verified when crossing borders. Today, biometric recognition already has many
points of contact with our daily life and there are more to come.
Besides iris and face, fingerprint is the most wide spread biometric trait used for
recognition. Fingerprints are assumed to be unique for each and every finger. This
makes it an ideal trait for recognition. In addition, fingerprint recognition has more
than a century of tradition in the field of biometric recognition. A great amount
of expertise and engineering skill made it a quite mature technology over time.
Only few false positive and false negative errors are made in recognition in today’s
deployed systems.

However, fingerprint recognition is still far from being perfect. In contrast to popular
opinion, fingerprint recognition is not a solved problem. Actually, there is
still a lot of work to do. As biometric systems become larger and become more
inclusive, even new challenges arise. Systems need to deal with large amounts of
data while keeping performance with respect to recognition performance as well as
transaction times in a reasonable order. Recognition shall work for everyone and
shall not exclude a certain ethnic group or subset of the population. It will work
in unconstrained conditions. However, it shall still make no erroneous decisions.
Engineering may have come to its limits at this stage.
In contrast to classical engineering, machine learning based on artificial neural
networks may be a reasonable alternative. The emerging technologies of Deep
Learning achieve tremendous successes in many domains of image processing and
pattern recognition. This work assesses the application of such innovative machine
learning concepts to fingerprint recognition. Three central aspects and challenges
in fingerprint recognition are inspected in detail: fingerprint sample enhancement,
orientation field estimation, and efficient processing structures.

The following committee has been appointed to evaluate his thesis, trial lecture and defense:

• First external opponent: Professor Raul Sanchez-Reillo, Electronics Technology Department, University Carlos III of Madrid (UC3M), Spain.
• Second external opponent: Associate Professor Raffaele Cappelli, Department of Computer Science and Engineering, University of Bologna, Italy.
• Internal member and committee administrator: Associate Professor Kerstin Bach, Department of Computer Science, NTNU.

Patrick Schuch carried out his PhD work at the Department of Information Security and Communication Technology, NTNU in Gjøvik.

His main supervisor was Professor Christoph Busch, Department of Information Security and Communication Technology, NTNU and co-supervisor Professor Katrin Franke, Department of Information Security and Communication Technology, NTNU.

Congratulations!

The Training School featured a program of lectures delivered by leading experts in the area of 5G networks, from both academia and industry. The objective of the School was to give attendees a global view, with an insight into some specific aspects, on research in key features of the emerging 5G technologies from the networking perspective, addressing models, architectures and applications. Attendees had an opportunity to participate in stimulating discussions with lecturers, obtain useful feedback, and initiate new collaborations. Lectures provided the background on 5G wireless communications networks concepts, ranging from the more fundamental ones related to concepts and mathematical modelling to experimental and applied ones connected to the incoming standardisation features.

The School aimed at Ph.D. students who actively work on or are interested in future mobile networks.

COINS supported  Desta Haileselassie Hagos to attend the 8th Training School on Network Models, Architectures and Applications for 5G in Moscow, Russia.

COINS supported Elahe Fazeldehkordi to attend the GDPR course in Brussels, Belgium.

This OSM Hackfest offered a great opportunity to share and learn with OSM developers and module leaders, and explore opportunities for synergies and collaboration.

It allowed new users to get familiar with OSM Release SIX and exercise all the main functionalities, from basic operations (installation, setup, common operations, etc.) to most advanced capabilities, such as 5G network slicing with a big focus on VNF on-boarding activities covering Day 0/1/2 operations.

In addition, experienced users and developers had the opportunity to hack into OSM, build complex examples, fine-tune, test and demonstrate Release SEVEN and experimental features on the OSM Remote Labs network.OSM Hackfest participants learnt to:

• Install OSM and run some examples
• Get familiar with OSM’s GUI and CLI
• Create own VNF and NS descriptors and build packages
• Model and deploy NS/VNF with EPA capabilities
• Model dynamic Life Cycle Management operations with Day-1 and Day-2 actions
• Model 5G Network Slices and complex NS with PNFs
• Perform basic troubleshooting
• Configure Fault and Performance management and close-loop operations
• Modify and experiment with OSM source code
• Build complex examples and run own experimental testing

COINS supported Ali Esmaeily to attend the 7th OSM Hackfest in Patras, Greece.

CLEF 2019 was hosted by the Università della Svizzera italiana (USI), Switzerland, 09-12 September 2019.

CLEF 2019 was the 10th CLEF conference continuing the popular CLEF campaigns which have run since 2000 contributing to the systematic evaluation of information access systems, primarily through experimentation on shared tasks.
CLEF 2019 consisted of an independent peer-reviewed conference on a broad range of issues in the fields of multilingual and multimodal information access evaluation, and a set of labs and workshops designed to test different aspects of mono and cross-language Information retrieval systems. Together, the conference and the lab series maintained and expanded upon the CLEF tradition of community-based evaluation and discussion on evaluation issues.

This year, CLEF was open to a wider, industrial community. The Industry Days allowed the interaction between the scientific community, practitioners and decision-makers through panels, a special keynote and presentations. Additionally, the very best and most pertinent work of the academic CLEF participants was made accessible in a concise manner.

COINS supported Parisa Rezaee Borj to attend the PAN at CLEF 2019 in Lugano, Switzerland.

The summer school was organized in lectures and hackathons, providing a mix of in-depth research presentations and hands-on experience, and it was focused on published and current high-impact research projects. The school covered cutting-edge topics on blockchains and other distributed ledger technologies to foster understanding of their respective security and privacy specific requirements and guarantees by bringing together academic researchers and experts from industry. Example topics included: novel attacks on distributed systems; consensus protocols and fault tolerance; incentive structures, such as proof-of-work and proof-of-stake; recent results on blockchain scalability, payment channels and state channels; advancements on smart contracts; or, realistic adversarial capabilities.

Students had networking opportunities with experts from academia and industry, sponsors, and among each other. They also had the opportunity to present their own results in front of experts from academia and industry in the form of lightning talks and poster presentations.

COINS supported Shuang Wu to attend the 1st International Summer School on Security & Privacy for Blockchains and Distributed Ledger Technologies in Vienna, Austria.

The interdisciplinary summer school on privacy provided an intensive one-week academic post-graduate programme teaching privacy from a technical, legal and social perspective. The goal of the summer school was to provide students with a solid background in the theory of privacy construction, modeling and protection from these three different perspectives. It also aimed to help them to establish a first international network with peers and senior academics across these disparate disciplines.

According to Gray et al. dark patterns started as a practitioner led initiative uncovering features of interface design crafted to trick users into doing things they may not want to do, but which benefit the business in question. More formally, the authors define it as instances in which designers use their knowledge of human behavior (e.g., psychology), and the desires of end users to implement deceptive functionality that is not in the user’s best interest.
At this summer school, they focused on dark patterns that impact users’ privacy or their ability to practice their data protection rights. Dark patterns raise crucial questions regarding compliance with European data protection legislation and ethical technology deployment. In January 2019 the French Data Protection Authority (CNIL) imposed a fine of 50 million Euros on Google “in accordance with the General Data Protection Regulation (GDPR), for lack of transparency, inadequate information and lack of valid consent regarding the ads personalization”, according to the CNIL. This sky-high fine illustrates the importance paid by regulators to combating dark patterns. Also, consumer organizations, like the Norwegian Consumer Council, have reported on how users are ‘deceived by design’ by tech companies, discouraging people to exercise their rights to privacy. In this summer school, they proposed to look beyond the interface, and ask, where do dark patterns emerge in the production of internet-based services, in the organizing of software and hardware infrastructures, in the elaboration and interpretation of laws, in the push for certain economic models, and conceptions of data, systems, users, and the social. How do we come to recognize, uncover, resist and prevent dark patterns in these different socio-technical contexts?

Dark patterns as a concept is not easy to pin down since manipulation of environment and behavior can be seen as a part of any design intervention. Yet, the rise of the concept is indicative that there is a considerable set of practices that are identified under the label of dark patterns. In this context, at the summer school, they discussed study dark matters and asked whether intentions matter, or outcomes can also serve as a way to identify whether a practice may qualify as a dark pattern in the context of privacy and data protection. Being able to think collectively about this hard question provided people with tools, methods and arguments to address the continuum between poor design or decisions, lack of resources, incompetence, recklessness, optimization, externalization of costs, and intentional patterns that lead to manipulation, deception or unwarranted levels of persuasion. They explored together where we can productively draw the line when it comes to patterns that harm vs. patterns that just do, and how technical, social, ethical, legal and economic practices may be reimagined to address these practices.

The summer school was interdisciplinary, involving the following disciplines: computer science, law and social sciences / media and communication studies.
The school lasted one week, with nine scheduled lectures (five-morning lectures and four-afternoon lectures) of two hours each. These nine lectures were equally distributed over the three disciplines, with top-notch lectures from each of the disciplines. The lectures laid the grounds for an interdisciplinary conversation among students and lecturers coming from a variety of backgrounds.

The remaining time was used for hands on working group sessions to study practical cases. The cases were offered by businesses, governments, government related institutions (like DPAs) and civil society/NGOs. Groups of six students, were formed to tackle the cases and reported back on their results in a plenary session.

The school was held in a location that encourages dialogue and social interactions between both the staff and the students, both during lectures and in the evening. Staff (i.e. lecturers) were encouraged to stay at the summer school for the whole length of the school. The summer school was foremost aimed at PhD students from computer science, law and social sciences.

Participants of the summer school were awarded two ECTS (study credits) and received a certificate of attendance issued by the Radboud University attesting this.

COINS supported Elahe Fazeldehkordi to attend the ISP 2019 in Nijmegen, The Netherlands.

5th World Congress on New Technologies (NewTech’19)

NewTech was aimed to become one of the leading international annual congresses in the fields of new technologies. The congress was composed of 4 conferences. While each conference consisted of an individual and separate theme, the conferences shared considerable overlap, which prompted the organization of this congress.

ICNFA’19 – 10th International Conference on Nanotechnology: Fundamentals and Applications
ICEPR’19 – 9th International Conference on Environmental Pollution and Remediation
ICBB’19 – 5th International Conference on Biotechnology and Bioengineering
ICERT’19 – 3nd International Conference on Energy Research and Technology

This congress provided excellent opportunities to the scientists, researchers, industrial engineers, and university students to present their research achievements and to develop new collaborations and partnerships with experts in the field.

COINS supported Elahe Fazeldehkordi to attend the NewTech’19 in Lisbon, Portugal.

While blockchain-based applications such as Bitcoin are still in their infancy, a dramatic increase in industrial and academic interest in blockchain technology is evident. In addition, start-ups, as well as industry initiatives, are presently working intensely on blockchain-based innovations, making the technology one of the most promising drivers of innovation in many sectors and industries. However, the design and implementation of blockchain-based systems requires know-how in several areas, as well as mindful consideration of larger economic and societal issues. These objectives provided the starting point for this summer school.

In this fourth blockchain summer school organized by the European Blockchain Center, they focused on educating students in blockchain technology to develop solutions within different industries. The participants learned how blockchain technology is disrupting existing business models and gained insights in paradigmatic changes occurring from economic, organisational and computer science viewpoints. As learning outcomes, the participants were submerged into computer science, information systems, and business knowledge background in order to analyse existing business processes and their potential to convert them into blockchain-based solutions. In so doing, they were able to co-create new blockchain-based systems, taking into consideration both cryptographic and economic aspects.

Within the summer school, participants learned how to set up a development environment and how to work with proven platforms such as Ethereum, NEO and others. They were able to design and implement their own smart contracts and coded their own Dapps (decentralized apps).

Once basic blockchain elements have been introduced, participants worked on their own blockchain development projects, supported by the participating industry partners. The outcomes were functioning demonstrators, as well as a written documentation and reports that illustrated the business process or mechanism realized in a blockchain implementation and how, in so doing, a real-world challenge was addressed.

In contrast to the three successful Blockchain Summer Schools in 2016 to 2018, this year lifted it to the next level by establishing three parallel tracks: Basic, Advanced and Improving blockchain / DLT systems as a technology.

An amount of 5 ECTS was provided to PhD students who successfully pass the exam. To pass the exam participants presented their blockchain solutions at the end of the summer school and defended these. In addition, they produced 15 pages of report after the summer school and/or wrote a paper that is to be submitted to an academic outlet, such as conference or journal, coached by the summer school organisers. The presentation, report as well as the working paper were mandatory deliverables and after they have been assessed at a satisfactory level, the ECTS points were granted and a certificate issued.
Independently, all participants received a certificate that they participate in the summer school.

COINS supported Befekadu Gebraselase to attend the Blockchain Summer school in Copenhagen, Denmark.

DeepLearn 2019 was a research training event with a global scope aiming at updating participants about the most recent advances in the critical and fast developing area of deep learning. This is a branch of artificial intelligence covering a spectrum of current exciting machine learning research and industrial innovation that provides more efficient algorithms to deal with large-scale data in neurosciences, computer vision, speech recognition, language processing, human-computer interaction, drug discovery, biomedical informatics, healthcare, recommender systems, learning theory, robotics, games, etc. Renowned academics and industry pioneers lectured and shared their views with the audience.

Most deep learning subareas were displayed, and main challenges identified through 2 keynote lectures, 24 four-hour and a half courses, and 1 round table, which tackled the most active and promising topics. Interaction were a main component of the event.

An open session gave participants the opportunity to present their own work in progress in 5 minutes. Moreover, there were two special sessions with industrial and recruitment profiles.

DeepLearn 2019 was addressed to students, researchers and practitioners who wanted to keep themselves updated about recent developments and future trends. All found it fruitful to listen and discuss with major researchers, industry leaders and innovators.

3 courses run in parallel during the whole event. Participants were able to freely choose the courses they wish to attend as well as to move from one to another.

COINS supported Ramtin Aryan to attend the DeepLearn 2019 in Warsaw, Poland.

The summer school was organized by Immanuel Kant Baltic Federal University in Kaliningrad.

COINS supported Thor Tunge and Bor de Kock to attend the IACR Summer school “Euclidean lattices: theory and applications” in Kaliningrad, Russia.

The school was open to graduate students, researchers, and practitioners from academia and industry. The school aimed at bringing together members from the international security research community to debate contemporary issues in the area of privacy and security of blockchain technology and designing new cryptocurrencies with better security guarantees. The main part of the school consisted of lectures given by world-leading researchers in this area. The school brought the participants through technical aspects of Blockchain and Cryptocurrencies Security. It was also their intention to build strong research relations and exchange opportunities between the involved institutions and participants.

COINS supported Mayank Raikwar to attend the International Summer School on Blockchain and Cryptocurrencies Security in Padua, Italy.

The summer school was jointly organized by the Digital Security (DiS) group, Radboud University (The Netherlands), ETH Zurich Information Security and Privacy Center (Switzerland) and Faculty of Electrical Engineering and Computing, University of Zagreb (Croatia).

The school aimed at bringing together Master/PhD students, academics and security experts from industry.
The focus of the summer school was on:

• Cryptography for the Internet
• Recent developments in cryptography
• Systems security
• Network security
• Machine learning in security & privacy
• Physical security & cryptographic implementations
• Privacy enhancing technologies

This year’s edition included a special one-day workshop on side-channel attacks and countermeasures. The workshop was sponsored by the Technology Foundation TTW (project 13499 – TYPHOON) from the Dutch government. They also had a hardware tutorial and run-time attack tutorial.

COINS supported Åvald Åslaugson Sommervoll and Farzane Karami to attend the Summer School on real-world crypto and privacy in Šibenik, Croatia.

Participants
IT security researchers and research groups of the following Universities/University Colleges are part of the network: Karlstad University, Chalmers University of Technology, Stockholm University, KTH, Skövde University, Linköping University, Örebro Univeristy, Blekinge Institute of Technology, Luleå University.

Activities
Annual 2-days SWITS seminars are held each spring in which:
– Supervisors give an overview to their research areas
– Ph.D. students have the possibility to present their research work, to get feedback and inspirations from other students and supervisors
– Research methodologies in IT security are discussed
– Introductory tutorials are given

This year the seminar SWITS seminar took place in June 3-4th, June 2019 in Karlstad, Sweden. COINS supported three PhD students to attend the seminar: Ahmed Amro, Livinus Obiora Nveke and Muhammad Mudasser Yamin.

The program included recent research in the sub-themes of consensus protocols, zero-knowledge proofs, privacy and anonymity-preserving techniques, language design and semantics for smart contracts, formal verification of cryptographic protocols and implementations, among other relevant topics. The workshop aimed to enable interdisciplinary research and foster collaboration among theoreticians and practitioners in blockchain protocols, distributed systems, and cryptography.

The TPBC19 was organized by Concordium Blockchain Research Centre Aarhus which is located at Department of Computer Science at Aarhus University.

COINS supported Mayank Raikwar to attend the TPBC 2019 in Aarhus, Denmark.

Boolean Functions and their Applications (BFA) 2019 took place in June 16-21st, 2019 in Florence, Italy.

Boolean functions and more generally all the discrete structures used in error correcting coding, cryptography or communications, are highly active areas of research. The workshop Boolean Functions and their Applications (BFA) was to provide a forum for researchers who are working on discrete functions and structures, particularly on Boolean functions, to exchange ideas and interests in open problems, and to further explore their applications in cryptography, error correcting codes and communications.

This workshop was organized by Selmer Center, University of Bergen in honor of Prof. Claude Carlet’s 70th birthday

COINS supported Irene Villa, Diana Davidova, Nikolay Kaleyski and Dan Zhang to attend the BFA 2019 in Florence, Italy.

BigDat 2019: 5th International Winter School on Big Data took place in January 7-11th, 2019 in Cambridge, UK.

BigDat 2019 was a research training event with a global scope aiming at updating participants on the most recent advances in the critical and fast developing area of big data, which covers a large spectrum of current exciting research and industrial innovation with an extraordinary potential for a huge impact on scientific discoveries, medicine, engineering, business models, and society itself. Renowned academics and industry pioneers have lectured and shared their views with the audience.

Most big data subareas were displayed, namely foundations, infrastructure, management, search and mining, security and privacy, and applications (to biological and health sciences, to business, finance and transportation, to online social networks, etc.). Major challenges of analytics, management and storage of big data were identified through 2 keynote lectures, 24 four-hour courses, and 1 round table, which tackled the most active and promising topics. The organizers were convinced that outstanding speakers attracted the brightest and most motivated students. Interaction was a main component of the event.

An open session gave participants the opportunity to present their own work in progress in 5 minutes. Moreover, there were two special sessions with industrial and recruitment profiles.

Master’s students, PhD students, postdocs, and industry practitioners were typical profiles of participants. Overall, BigDat 2019 was addressed to students, researchers and practitioners who wanted to keep themselves updated about recent developments and future trends.

COINS supported Ambika Shrestha Chitrakar to attend the BigDat 2019 in Cambridge, UK.

Agenda

Monday 25/11-2019, Narvik

Map

1300-1315 Welcome, introduction, presentation of participants
1315-1400 Lessons learned from doing a Ph.D.

• Seraj Fayyad, Princess Sumaya University for Technology, Jordan: Doing PhD in IoT Security.

1400-1530 Presentations by the participants

• Ahmed Walid Amro: Connect and Protect: Requirements for Maritime Autonomous Surface Ship in Urban Passenger Transportation
• Livinus Obiora Nweke: Resilience Analysis of Software-Defined Networks Using Queueing Networks
• Muhammad Ali Fauzi: Modelling Healthcare Staffs’ Mental State to Minimize Cybersecurity Risk
• Prosper Yeng: overview of modeling and analyzing healthcare staffs’ security practices
• Muhammad Mudassar Yamin: Serious Games as a Tool to Model Attack and Defense Scenarios for Cyber-Security Exercises

1530-1615 Life after the Ph.D.

• Oleksandr  Kazymyrov: Time-Lapse in Industry: 5 Years in 40 minutes
• Andrii Shalaginov, NTNU: Life after PhD: collaboration, networking and funding opportunities
• Berglind Fjola Smaradottir, UiA: The life after the PhD: how to find new projects and funding of proposals

1615-1645 Panel: Ask the Professor/Professional
1645-1700 Election of two COINS student representatives

To register,

1. Fill in an application for funding (type of support: “Ph.D. student seminar”)
2. Register for NISK (not mandatory, but highly recommended)

 

Logistics

The seminar will take place on Monday afternoon. NISK will start Tuesday morning (until Wednesday evening). For accommodation we suggest to follow the recommendations by NISK organizers.

COINS students get coverage for travel (least expensive practical alternative t/r Narvik) and accommodation (COINS+NISK). Students without a regular paper, i.e. none or a poster, get coverage for the NISK conference fee. This results from the longstanding COINS policy that presentations of full papers are considered to be in the responsibility of the student’s department.

NISK: You need to wear your COINS t-shirt and/or hoodie and upload a picture of you wearing it at the conference. You need to submit a 2 page travel report on your participation that can be shared with other COINS students and can be published on the COINS website after the event. If you present a poster at NISK, you send us a picture of you presenting the poster with a COINS logo instead of a travel report.

COINS supervisors get coverage for travel (least expensive practical alternative t/r Narvik) and accommodation related to their Ph.D. student seminar participation. COINS does not pay for supervisor attendance or participation at NISK, but you are welcome to book your flight so that you can attend NISK with your own funding.

SWITS students and Ph.D. students from COINS partners get coverage for travel (least expensive practical alternative t/r Narvik) and accommodation under the same conditions as COINS students.
COINS does pay for accommodation and NISK attendance for students that attend both the COINS seminar and NISK, present a poster, wear a COINS t-shirt throughout the NISK conference, acknowledge COINS funding on their poster and document their contribution by two photos of them taken at the conference and by writing a one page report on their seminar participation that can be published.

All inquiries can be sent to info@coinsrs.no.

ECTS credits

Participating COINS Ph.D. can obtain ECTS credits that might be used towards the taught component of their Ph.D. programme.

Students need to enrol in “IMT6004 COINS Workshop” at NTNU to be formally allowed to get ECTS credits according to the requirements in the course description. (If you have taken IMT6004 before, you can enrol in “IMT6005 COINS Workshop II” (or “IMT6006 COINS Workshop III”).

Please indicate in your application for funding or by email to info@coinsrs.no if you are interested in enrolling in IMT6004. Students get a transcript from NTNU documenting their participation and then need to present it to their local COINS member institution. All consortium members agreed that participation in IMT600x would be recognised as being eligible for consideration towards the taught component of the Ph.D. programmes.

The title of his thesis is “Trusted Execution on Commodity Devices Use Case: Online User Authentication”.

Commodity computing devices, such as laptops and smartphones, are an essential part of
today’s society. We routinely rely on them for both our professional and personal lives. Furthermore, many of the client applications they run are security critical. The trusted computing base of these applications includes the devices’ underlying system software (operating system, hypervisor and firmware), which is large, complex, and vulnerable to compromise. To mitigate this risk, Trusted Execution Environments, TEEs, offer a security primitive which protects the confidentiality and integrity of user applications’ code and data, against the device’s underlying system software which can be malicious.

Online user authentication is a prominent example of user applications which can benefit from the security guarantees of TEEs. While different realizations of hardware TEEs are commonly deployed within today’s commodity devices, user authentication applications do not use their services. Instead, TEEs are heavily used by few premium Service Providers, SPs, such as original equipment manufacturers. In fact, TEEs have been primarily designed to meet the requirements of such premium SPs, and have consequently under-prioritized the needs of end-users and application developers. As a result, TEEs lack important functionalities, such as secure input/output channels to end-users.
This thesis shows that we can use available commodity TEEs as primitives to build systems which meet the specific security requirements for user authentication developers and their end-users.
We first study the security of passwords and Fast Identity online (FIDO) as two prominent
user authentication modalities. We then present TrustUI, a solution that enables secure
input/output channels from end-users to online service providers. TrustUI uses Intel SGX and personal security devices that are based on secure elements as TEE primitives. We finally present SMMDecoy, a new architecture which leverages System Management Mode and security by deception techniques, to detect firmware keyloggers that can compromise the confidentiality of the keyboard’s user interface.

The following committee has been appointed to evaluate her thesis, trial lecture and defense:

• First external opponent: Professor Geir Køien,  University of Agder, Norway.
• Second external opponent: Post Doc Elena Pagnin, University of Aarhus, Denmark.
• Internal member:Professor Olaf Owe, Department of Informatics, University of Oslo.

Chair of defence: Associate Professor Ragnhild Kobro Runde, University of Oslo

Ijlal Loutfi carried out her PhD work at the Department of Informatics , University of Oslo.

Her main supervisor was Professor Audun Jøsang, Department of Informatics, University of Oslo and co-supervisor Professor Frank Eliassen, Department of Informatics, University of Oslo.

Congratulations!

Eurocrypt 2019 took place in Darmstadt, Germany on May 19-23 2019. It was organized by the Cryptoplexity group of TU Darmstadt.

COINS supported Åvald Sommervoll, Mayank Raikwar, Bor de Kock, Mattia Veroni and Navid Ghaedi Bardeh to attend the EUROCRYPT 2019 in Darmstadt, Germany.

Åvald Sommervoll has also attended two affiliated events.

1. Code-based cryptography is the area of research that focuses on the study of cryptosystems based on error-correcting codes, following the seminal work of McEliece and Niederreiter in the late 1970s – early 1980s. These systems have shown no vulnerabilities to quantum attackers and the relevant research branch is widely regarded as one of the most promising in the so-called area of Post-Quantum Cryptography. Current efforts in code-based cryptography are directed at producing fast, secure and efficient schemes. Research in this area has also been fostered by the recent NIST’s Post-Quantum Standardization call. The goal of this two-day workshop was to bring together the community to discuss recent developments, as well as introduce the field to anyone interested in discovering more about this research area. The program includes invited talks, contributed talks and dedicated discussion sessions.
2. The topic of quantum algorithms is an area attracting increasing interest and is of particular importance for post-quantum cryptography. In order to build or cryptanalyse proposed quantum-safe schemes, an awareness of applicable quantum algorithms is essential. This is especially relevant given the ongoing NIST post-quantum standardisation process. This workshop gave an overview of the use of quantum algorithms in cryptanalysis. The program was comprised of invited talks from expert speakers who have worked in the development of quantum algorithms and their application in cryptanalysis. The target audience was cryptographers who would like to learn details of how the various quantum algorithms work as well as how they can be applied in cryptanalysis.

Zero Knowledge Proofs are a cutting edge cryptographic tool that is starting to see adoption. This breakthrough technology form the basis of several cryptographic applications, improving the trade-offs between data privacy and integrity. Zero Knowledge Proofs allow a prover to convince a verifier that some computational statement is correct without revealing any information except the veracity of the statement.

ZKProof.org is an open initiative of industry and academia to standardize the use of zero knowledge proofs.

The first day was dedicated to an Research & Industry Showcase of existing work around zero knowledge proofs. During the last two days, there was a Standards Workshop, where participants discussed an initial set of community standards proposed by the community.

COINS supported Tjerand Silde to attend the Zero Knowledge Proof Standardization Workshop in Berkeley, USA.

The General Data Protection Regulation (GDPR) is now in force. The course helped to understand what it takes to handle personal information, from one end of your organization to the other and to understand GDPR requirements. It explained which provisions apply to your own organization. It showed how to design a response that meets regulatory requirements and builds customers’ confidence. It gave the knowledge to become a GDPR-ready privacy pro or the certified DPO (data protection officer) so many organizations need.

GDPR compliance starts with knowledge.

COINS supported Shukun Tokas to attend the IAPP Europe Data Protection Congress 2018 Privacy training in Brussels, Belgium.

The school has focused on novel and advanced applications of cryptography and has discussed the impact of crypto research to society in a broader context. There were also lectures on good practices of innovation in cryptography and entrepreneurship as well as certification and standardisation of cryptographic primitives.

Since this was the last event of the ECRYPT-NET, the fellows from the network have been given the opportunity to present the research they have been performing during the last 3 years and to reflect on their experience and future opportunities.

The school was organised by Bart Preneel, Svetla Nikova and Saartje Verheyen (COSIC, KU Leuven).

COINS supported Dan Zhang and Irene Villa to attend The School on Applied Cryptography and its Impact on Society, Innovation and Entrepreneurship in Malaga, Spain.

The annual Global Solutions Summit held by the Global Solutions Initiative brought together international research organizations, thought-leaders and decision-makers from across political, business and civic communities.

In 2019 1,600 participants from various sectors and 120 countries have registered for the summit, met with 221 speakers and participated in over 60 sessions. The summit aimed to provide policy recommendations on major G20 issues and thereby served as a stepping stone to the Japanese T20 Summit in May 2019 and the Japanese G20 Summit in June 2019. The Global Solutions Summit 2019 was a T20 Japan associated event.

The Global Solutions Summit 2019 focused on the priorities of the Japanese G20 Presidency, including policy recommendations on sustainable development, infrastructure finance, financial architecture, trade and investment, climate change, future of work and education, social cohesion and the future of politics, SME policy, policies for aging populations, and more. All discussions linked to the overarching narrative of recoupling economic, environmental and social progress. We furthermore highlighted all relevant issues for the future of multilateralism and strengthened the implementation site in our discussions.

COINS supported Desta Haileselassie Hagos to attend the Global Solutions Summit in Berlin, Germany.

Oxford Post-Quantum Cryptography Workshop took place in March (18-22th), 2019 at the Mathematical Institute, University of Oxford, UK. The event brought together the top researchers in the field of Post-Quantum Cryptography for a week of fruitful discussions and exchange of ideas.

During the week, each morning there were two talks on various Post-Quantum fields. Each talk was an overview of the techniques used in each PQ field – lattice-based cryptography, hash-based cryptography, code-based cryptography, isogeny-based cryptography and multivariate-based cryptography – with a dedicated focus to NIST submissions, and their state-of-the-art cryptanalysis. One of the talks was on the NIST standardization process by Dustin Moody (NIST).

The morning talks were followed by (group) working sessions, where teams worked on previously agreed research problems.

COINS supported Wrya Kadir and Alessandro Budroni to attend the Oxford Post-Quantum Cryptography Workshop in Oxford, UK.

Over the last decade we have witnessed a series of impressive breakthroughs in data science and AI thanks to important advances in the algorithmic efficiency of data-driven approaches, such as deep learning. While the prime examples of disruptive progress have occurred in fields such as computer vision or natural language processing, there is still a huge potential for these improvements to carry over to other disciplines such as communications engineering. Incipient research has demonstrated the benefits of machine learning for the lower layers of the communication stack, including coding, modulation, equalization, detection, resource allocation, etc.

This training school  revolved around the application of Machine and Deep Learning techniques to the design of (beyond) 5G communication systems, with particular emphasis on physical and lower layers. The training school has comprised keynote and tutorial lectures by renowned researchers from academia and industry, focused presentations on recent advances in this research field and hands-on sessions.

The program included a student poster session and a Machine learning challenge, with prizes and awards for both activities.

COINS supported Ashish Rauniyar to attend the 6th Training School on Machine and Deep Learning Techniques for (Beyond) 5G Wireless Communication Systems in Barcelona, Spain.

The title of his thesis is “Robust Biometrics on Smartphones – Using Quality Assessment, Presentation Attack Detection, and Biometric Fusion” and the given topic for his trial lecture was “Blockchain technology, algorithms and benefits in Healthcare”.

With the technological advancements in mobile technology, there is a massive
adoption of biometrics as a security measure in today1s smartphones. Smartphones
are used in all day to day activities such as online banking, accessing
official and personal emails, social networking and also to store personal
data. Although smartphones provide high user convenience, there is
an inherent security threat as losing such a device could lead to a loss of
such sensitive data. This could cause disastrous effects on the smartphone
user. In order to reduce the privacy and security threats, basic solutions
are provided with every smartphone. However such solutions could cause
user inconvenience sometimes, for example, it is hard to remember complex
lock patterns, longer pin codes; also such patterns and pins could be easily
hacked. Thus, an inherent need of added security measure is there and
which could be conveniently fulfilled by biometrics on smartphones. As a
result of which, recently, most of the smartphones are manufactured with
inbuilt fingerprint sensor, or state-of-the-art face or iris recognition system.
Today, we can say that for any smartphone, a biometric system is one
of an essential component just like the front and rear cameras. However,
the inclusion of such a biometric system comes with a cost such as the
performance of a biometric system is depends on several factors such as the
input sample quality, systematic and random errors. Moreover, biometric
systems are highly vulnerable to direct and indirect attacks. The direct
attacks aka presentation attacks are carried out at the biometric sensor
level by presenting a fake biometric sample. If a biometric system does not
have an attack detection module also know as presentation attack detection
module, it is trivial to spoof any biometric system.

Thus, the primary objectives of this thesis are to address the challenges
of smartphone biometrics. The unconstrained nature biometric sample capture
in a smartphone environment could cause challenging input samples for
the recognition system and results in a lower comparison score. Therefore,
it is essential to assess the precise quality if the input samples. In this work,
we present and compare several quality assessment algorithms to formulate
a unified face recognition system. This thesis proposes two presentation attack
detection techniques for smartphone-based face recognition system and
one for fingerphoto recognition system. The thesis also extends the applications
of some concepts from Subjective Logic to fuse the comparison scores
from face and fingerprint recognition system. Additionally, this thesis proposes
a multi-biometric and multi-algorithmic fusion scheme to mitigate the
effects of body weight variations for face recognition systems. Although the
proposed framework does not use smartphone biometric data, the method
could be easily adapted for the smartphone-based face recognition.
The validity of proposed frameworks for consistent performance is demonstrated
through extensive experimentation on publicly available and newly
created databases. We have also presented a new smartphone based multimodal
biometric database as well as presentation attack database in this
work. Conclusively, the thesis proposes a robust Biometric Quality Assessment
(BQA), Presentation Attack Detection (PAD) and Biometric Fusion
techniques to address the issue of sample quality assessment, presentation
attacks, and multi-modal biometric fusion. A detailed experimental analysis
and comprehensive studies has been executed to evaluate the proposed
methods under the scope of this thesis work. The presented methods will
help the researchers and users of smartphone biometrics to improve the
robustness of the system.

The following committee has been appointed to evaluate his thesis, trial lecture and defense:

• First external opponent: Associate Professor Maria De Marsico, Department of Computer Science, Sapienza University of Rome, Italy.
• Second external opponent: Professor Martin Drahanský, Department of Intelligent Systems, Brno University of Technology, Czech Republic.
• Internal member and committee administrator: Associate Professor Sule Yildirim Yayilgan, Department of Information Security and Communication Technology, NTNU.

Pankaj Shivdayal Wasnik carried out his PhD work at the Department of Information Security and Communication Technology, NTNU in Gjøvik.

His main supervisor was Professor Raghavendra Ramachandra, Department of Information Security and Communication Technology, NTNU and co-supervisor Professor Christoph Busch, Department of Information Security and Communication Technology, NTNU.

Congratulations!

JEEIT 2019 provided a unique forum to discuss practical approaches and state of the art findings in using the applied electrical engineering and information technologies to

solve national problems that face Jordan and other developing countries. JEEIT 2019 merged three conferences: The 5th IEEE Jordan Conf. on Applied Electrical Eng. and Computing Technologies (AEECT 2019), The 11th Jordanian Int’l Electrical and Electronic Eng. Conf. (JIEEEC 2019) and The 9th Int’l Conf. on Information Technology (ICIT 2019) in one big conference with one organizing committee, one program, and one proceedings.

COINS supported Ahmed Amro to attend the 2019 IEEE Jordan International Joint Conference on Electrical Engineering and Information Technology took place in Amman, Jordan.

Winter school on the mathematical foundations of asymmetric cryptography took place in Aussois, France, March 17–22, 2019.

This winter school on the mathematical foundations of asymmetric cryptography lasted 5 days. Diverse and particularly active aspects of this research area were covered, via mini-courses and talks.

This school was a session of the Etats de la Recherche organized by the French Mathematical Society (SMF). The school was targeted mathematicians and computer scientists with a background in algebra: M2 and PhD students, post-docs and researchers, not necessarily specialized in this area.

COINS supported Mattia Veroni to attend the winter school on the mathematical foundations of asymmetric cryptography in Aussois, France.

The title of his thesis is “Attribute Based Cryptographic Enforcements for Security and Privacy in E-health environments” and the given topic for his trial lecture was “Cryptographic improvements in TLS 1.3 over 1.2: Whys and hows”.

The following committee has been appointed to evaluate his thesis, trial lecture and defense:

• First external opponent: Professor James B. D. Joshi, School of Computing and Information, University of Pittsburgh, USA.
• Second external opponent: Professor Øyvind Ytrehus, Department of Informatics, University of Bergen, Norway.
• Internal member and committee administrator: Ole-Christoffer Granmo, Department of ICT, UiA.

Harsha Sandaruwan Gardiyawasam Pussewalage carried out his PhD work Engineering and Science with Specialisation in Information- and Communication Technology (ICT), Univeristy of Agder.

His main supervisor was Professor Vladimir Oleshchuk, Department of Information and Communication Technology, UiA and co-supervisor Professor Geir Myrdahl Køien, Department of Information and Communication Technology, UiA  .

Congratulations!

The title of his thesis is “Towards Fairness and Decentralisation in Modern Cryptocurrencies” and the given topic for his trial lecture was “Universally verifiable random sources”.

The following committee has been appointed to evaluate his thesis, trial lecture and defense:

• First external opponent: Professor Peter Ryan, University of Luxembourg.
• Second external opponent: Dr. Vanessa Teague, University of Melbourne.
• Internal member and committee administrator: Professor Slobodan Petrovic, Department of Information Security and Communication Technology, NTNU.

Christopher Alan Carr  carried out his PhD work at the Department of Information Security and Communication Technology, NTNU in Gjøvik.

His main supervisor was Professor Colin Boyd, Department of Information Security and Communication Technology, NTNU.

Congratulations!

The summer school was jointly organized by the Digital Security (DiS) group, Radboud University (The Netherlands), ETH Zurich Information Security and Privacy Center (Switzerland) and Faculty of Electrical Engineering and Computing, University of Zagreb (Croatia).

The school aimed at bringing together Master/PhD students, academics and security experts from industry. The focus of the summer school was on:

• Cryptography for the Internet
• Recent developments in symmetric key cryptography
• Security proofs in cryptography
• Wireless security
• Crypto for systems security
• Software and hardware security
• Privacy enhancing technologies
• Blockchain security (special session).

This year’s edition included a special session on distributed ledgers, where participants learned from several experts in the area about broad security aspects associated with these technologies. This session has been sponsored by the Glass Houses project, which is funded by the UK’s Engineering and Physical Sciences Research Council (EPSRC).

COINS supported  Ijlal Loutfi to attend Summer School on real-world crypto and privacy 2018 in Šibenik, Croatia.

The school provided students/professionals with the prerequisite fundamentals of mathematics, statistics, programming and paper reading skills required for starting a career in AI research and with an overview of state-of-the-art research in ML and AI.
It also inspired early stage researchers from Nepal and the region to take on challenging high impact AI problems in visual recognition, natural language processing, medical science etc.
The summer school provided a venue for sharing and discussing cutting-edge technological advances in AI among both veteran and young researchers from around the world and created new opportunities for the participants and well as played an important role in democratizing AI by inspiring the next generation of leaders in AI from developing countries.

The Nepal School consisted of series of lectures, lab sessions, and scientific paper reading/writing sessions given by invited world-class experts. The experts included a number of alumni who graduated from the local engineering schools and had good knowledge of the teaching methodology there and the key gaps that need to be filled. The social events (a day hiking and dinner) provided ample opportunities for the like-minded people to network and collaborate.

COINS supported Ashish Rauniyar and Debesh Jha to attend First Nepal Winter School in AI in Kathmandu, Nepal.

The school has aimed at students at all levels (BSc/MSc/PhD) and postdocs. The school has featured 4 introductory mini-courses, special talks, and talks contributed by the participants.

COINS supported  Dan Zhang to attend the summer school Number theory and coding theory – contemporary applications in security in Turku, Finland.

Real World Crypto Symposium aimed to bring together cryptography researchers with developers implementing cryptography in real-world systems. The conference goal was to strengthen the dialogue between these two communities. Topics covered focus on uses of cryptography in real-world environments such as the Internet, the cloud, and embedded devices.

The RWC series of events was initiated by Kenny Paterson and Nigel Smart in 2012, as part of a celebration at the Isaac Newton Institute in Cambridge to celebrate the 100th anniversary of the birth of Alan Turing. At that point the rather less punchy title was Is Cryptographic Theory Practically Relevant?. The event was an amazing success and within a week we had been contacted about organizing a follow up event; and so Real World Cryptography was born.

Talks were selected on the basis of impact on the real world (potential or current), interest to the audience, and our perceived quality of the speaker.

COINS supported  Tjerand Silde to attend Real World Crypto 2019 in San Jose, USA.

Smart grid technology is currently entering the electrical market by the deployment of smart meters. Electric vehicles introduce new challenges on the grid capacity but may also support grid stability. Volatile renewable energy challenges grid stability. Wind power electricity produced at shore regions has to be transported to industrial regions by high-capacity power links. Local photovoltaic sources may make residents independent for some time periods. The new power grid becomes smart, when all prosumers can communicate fast, securely, and reliably.

In its 2018 Edition, IEEE SmartGridComm kept its acronym, but the full title of the conference has been changed to IEEE International Conference on Communications, Control, and Computing Technologies for Smart Grids. This enlarged the scope of the conference towards more general cyber-physical systems and Internet of Things, which were research topics that become inseparable from the future smart energy.

COINS supported Handunneththi V. Kalpanie Mendis to attend IEEE SmartGridComm 2018 in Aalborg, Denmark.

COINS supported Navid Ghaedi Bardeh to attend Symmetric Proof Techniques school in Bertinoro, Italy.

The title of his thesis is “An Access Control Model to Facilitate Healthcare Information Access in Context of Team Collaboration”.

The delivery of healthcare relies on the sharing of patients’ information among a group of healthcare professionals. At present, electronic health records (EHRs) are widely utilized system to create, manage and share patient healthcare information among healthcare teams. While it is necessary to provide healthcare professionals (member of the healthcare team) with privileges to access patient health information, providing too many privileges may backfire when healthcare professionals accidentally or intentionally abuse their privileges. Ensuring patient privacy and improving patient care quality are two of the most significant challenges faced by healthcare systems around the world. Hence, finding a middle ground, where the necessary privileges are provided and malicious usage are avoided, is necessary. This PhD study highlights the access control matters in collaborative healthcare domain.Focus  is mainly on the collaborative activities that are best accomplished by organized healthcare team within or among healthcare organizations with an objective of accomplishing a specific task (patient treatment).

We investigate the importance and challenges of effective healthcare team treatment, the sharing of patient health records in healthcare delivery, patient data confidentiality and the need for flexible access of the members of the team corresponding to the requirements to fulfill their duties. The focus is on developing an access control model that balance between healthcare team collaboration and safeguarding sensitive patient information.

The major contributions of our access control model include ensuring that access rights are adapted to the actual needs of healthcare providers and providing fine-grained control of access with the minimum necessary standard, whereby healthcare providers are granted minimal access to carry out their duties.

The title of the trial lecture was: “Strategies and challenges of role mining in access control“.

The following committee has been appointed to evaluate his thesis, trial lecture and defense:

• First external opponent: Professor Tuomas Aura,  Aalto University, Finland.
• Second external opponent: Associate Professor Lillian Røstad, Department of Informatics, University of Oslo, Norway.
• Committee administrator: Professor José Julio Cabeza Gonzalez, University of Agder, Norway.

Mohamed Ali Saleh Abomhara carried out his PhD work at the Department of Information and Communication Technology, University of Agder. His main supervisor was Professor Geir Myrdahl Køien, Department of Information and Communication Technology, University of Agder and co-supervisor was Professor Vladimir Oleshchuk, Department of Information and Communication Technology, University of Agder.

Congratulations!

The title of his thesis is “Systems of Boolean equations, elimination theory, and applications to cryptography” and the title of the trial lecture was: “On fault injection attacks on cryptographic hardware implementations, and techniques for preventing such attacks“.

The following committee has been appointed to evaluate his thesis, trial lecture and defense:

• First external opponent: Professor, Dr.rer.nat. habil. Martin Kreuzer, Universität Passau, Germany.
• Second external opponent: Professor, Dr.rer.nat. Patrick Felke, Hochschule Emden-Leer, Germany.
• Internal member: Director, Ph.d. Kjell Jørgen Hole, SIMULA, University of Bergen, Norway.
• Chair of the defence: Professor Jaakko Timo Henrik Järvi, Department of Informatics, University of Bergen, Norway.

Bjørn Møller Greve carried out his PhD work at the Department of Informatics, University of Bergen. His main supervisor was Professor Øyvind Ytrehus, Department of Informatics, University of Bergen and co-supervisor was Senior Research Scientist Håvard Raddum, Simula, University of Bergen.

Congratulations!

NordSec is an annual research conference series that has been running since 1996. The events brought together security researchers from the Nordic countries, Northern Europe, and beyond. In addition to being a venue for academic publishing, NordSec was an important meeting place for university faculty, students, and industry researchers and experts from the region. The proceedings consisted of peer-reviewed articles and are published in the Springer Lecture Notes in Computer Science series.

COINS supported Åvald Sommervoll to attend NordSec 2018 in Oslo, Norway.

With the increasing focus on modelling and simulation in the fields of cyber-networks, data mining, cyber security, distributed computing, mobile computing, cognitive computing, cloud computing, computing tools, applications, simulation tools, system performance and data and computer communications, the demand for high quality research outcomes has never been greater. ITNAC has been the forum for researchers and engineers to present and discuss topics related to advanced computing and data communication network technologies, services and applications.

Novel contributions were presented in the form of keynote speeches by international experts, peer-reviewed technical papers, and posters. ITNAC 2018 captured highly innovative and state-of-the-art research from academia, industry and standardization bodies.

COINS supported Aryan Ramtin to attend ITNAC 2018 in Sydney, Australia.

The title of his thesis is “Context-Aware Adaptive Authentication for the IoT in eHealth” and the given topic for his trial lecture was “Privacy and Safety for Mobile Devices”.

The Internet of Things (IoT) presents a concept of smart world around us, where things are trying to assist and benefit people. Patient monitoring outside the hospital environment is one case for the IoT in healthcare. The healthcare system can get many benefits from the IoT such as patient monitoring with chronic disease, monitoring of elderly people, and monitoring of athletes fitness. The IoT in eHealth aims to assist the existing healthcare system by monitoring the vital signs of patient’s health data. The dynamic and heterogeneous environment of the IoT may facilitate the patient with mobility options. However, security-related problems may obstruct the development of such a comprehensive patient monitoring system. While standards and technologies are continuously developed for the IoT, the ethical aspects of these developments must be addressed and it may be incorporated in the system development life cycle.

The following committee has been appointed to evaluate his thesis, trial lecture and defense:

• • First external opponent: Professor Denis Trček, University of Ljubljana, Faculty of Computer and Information Science, Slovenia.
  • Second external opponent: Professor Rose-Mharie Åhlfeldt, Högskolan i Skövde, Sweden.
  • Internal member and committee administrator: Associate Professor Bian Yang, Department of Information Security and Communication Technology, NTNU.

Kashif Habib carried out his PhD work at the Department of Information Security and Communication Technology, NTNU in Gjøvik and at Norwegian Computing Center. His main supervisor was Dr. rer.nat. Wolfgang Leister, Norwegian Computing Center and co-supervisors Professor Einar Snekkenes, Department of Information Security and Communication Technology, NTNU and Professor Ilangko Balasingham, Rikshospitalet and Department of Electronic Systems, NTNU.

Congratulations!

Boolean functions and more generally all the discrete structures used in error correcting coding, cryptography or communications, are highly active areas of research. The workshop Boolean Functions and their Applications (BFA) was to provide a forum for researchers who are working on discrete functions and structures, particularly on Boolean functions, to exchange ideas and interests in open problems, and to further explore their applications in cryptography, error correcting codes and communications.

COINS supported Diana Davidova, Irene Villa, Nikolay Kaleyski and Dan Zhang to attend The 3rd International Workshop on Boolean Functions and their Applications in Loen, Norway.

The Conference was dedicated to the memory of Emil Artin, an Austrian mathematician of Armenian descent. He was one of the leading mathematicians of the twentieth century. The scientific talks involved all branches of mathematics and its applications. There were around 100 participants from all over the world, for example, Russia, Italy, France, Poland, Slovakia, Serbia, USA, China, South Africa, Brazil and more.

The aim of the conference was to provide a forum where specialists will meet to share ideas of the latest research in Algebraic Structures, Mathematical Logic, Number Theory, Pure and Applied Mathematics, Discrete Mathematics and Computer Science.

COINS supported Diana Davidova, Nikolay Kaleyski and Irene Villa to attend the Emil Artin International Conference in Yerevan, the Republic of Armenia.

The aim of the NISK conference series was to be the principal Norwegian research venue for presenting and discussing developments in the field of ICT security and privacy, and bringing together people from universities, industry, and public authorities.

There were invited both national and international contributions by
researchers, practitioners, and PhD- and Master thesis students
presenting new problems and solutions within topics on ICT security.

COINS supported many PhD students and former students to attend to attend the NISK 2018 conference in Longyearbyen, Norway. Here are they travel reports:

• Berglind Fjola Smaradottir
• Muhammad Mudassar Yamin
• Ramtin Aryan
• Aida Mehdipourpirbazari
• Cristina Viorica Heghedus
• Manish Shrestha 
• Dhanya Therese Jose 
• Songpu Ai
• Isaac Andrés Canales Martinez
• Tjerand Silde
• Nikita Rajendra Karandikar
• Elahe Fazeldehkordi
• Shukun Tokas
• Alessandro Budroni
• Jayachander Surbiryala
• Andrea Tenti
• Merve Bas Seyyar
• Shao-Fang Wen
• Nikolay Stoyanov Kaleyski
• Navid Ghaedi Bardeh
• Jens-Petter Sandvik
• Dan Zhang
• Irene Villa
• Xiaojie Zhu
• Martin Brodin
• Ambika Shrestha Chitrakar
• Diana Davidova
• Parisa Rezaee Borj

SSIC’2018 was the third conference in the area of cyber security focusing on the industry control system, cloud platform and smart cities. City and industrial control infrastructures are changing with new interconnected systems for monitoring, control and automation. The conference provided an international forum for scientists, researchers, professionals, industry practitioners, policy makers, and users to exchange ideas, techniques and tools, and share experience related to all practical and theoretical aspects of communications and network security.

SSIC’2018 conference was technically co-sponsored by IEEE. Topics of interest encompassed not only all practical and theoretical aspects of communications, and network security, but also security mechanism put into some critical applications.

COINS supported Xiaojie Zhu to attend the SSIC 2018 in Shanghai, China.

CrossFyre aimed to bring together female researchers in cyber security (e.g., in cryptography, information security, safety, but not only), to promote their research topics and help develop the careers of women in science and engineering. Thus, CrossFyre’s main cohort was generally formed of female early-career researchers (ECRs), as well as female undergraduate students interested in or working in cybersecurity.

COINS supported Martha Norberg Hovd to attend the CrossFyre 2018 in Guildford, UK.

The summer school has featured a teaching staff of well-known researchers and was targeted at Ph.D. students, engineers, and junior faculty. The first summer school was focused on advanced topics in Distributed Systems. The summer school featured five 50-minute lectures a day on August 15, 16, and 17, for a total of 15 lectures. In the evenings there were social activities and/or poster sessions. The summer school was co-sponsored by the Norwegian Research Council and the Corpore Sano project.

COINS supported Ramtin Aryan, Shukun Tokas and Ijlal Loutfi to attend the ACM SIGOPS Summer School on Advanced Topics in Systems in Tromsø, Norway.

ISSAC 2018 was the premier conference for research in symbolic computation and computer algebra. ISSAC 2018 was the 43rd meeting in the series, which started in 1966 and has been held annually since 1981. The conference presented a range of invited speakers, tutorials, poster sessions, software demonstrations and vendor exhibits with a center-piece of contributed research papers.

COINS supported Alessandro Budroni to attend the ISSAC 2018 in New York, USA.

The goal of this summer school was to bring together the world-class researchers in Fog Computing with undergraduate, graduate students and interested researchers from academia and engineers from industry, to educate the audience on both basics and recent advancements in Fog Computing overview, IoT, Optimization, Big Data, and Deep Learning, and to encourage collaborations on related topics. This summer school also included a 24 hours’ hackathon after the two-days’ classes on Fog Computing, to encourage the students gather to collaborate and challenge themselves to build a project about Fog Computing from start to finish. It was an invaluable opportunity for the participants to gain coding experience, learn fog computing, and win awesome prizes.

COINS supported Desta Haileselassie Hagos and Ashish Rauniyar to attend the 2018 Summer School on “Fog Computing” in Shanghai, China.     

The title of his thesis is “Privacy, Security, and Repair in Distributed Storage Systems” and the title of the trial lecture was: “Age of Information”.

The following committee has been appointed to evaluate his thesis, trial lecture and defense:

• First external opponent: Assistant Professor Salim El Rouayheb, Department of Electrical & Computer Engineering, Rutgers University, USA.
• Second external opponent: Professor Camilla Hollanti, Department of Mathematics and Systems Analysis, Aalto University, Finland.
• Internal member and committee administrator: Dr Håvard Raddum, SIMULA, University of Bergen, Norway.

Siddhartha Kumar carried out his PhD work at the Department of Informatics, University of Bergen. His main supervisors were Associate Professor Eirik Rosnes, University of Bergen, Professor Alexandre Graell i Amat, Department of Electrical Engineering,
Chalmers University of Technology, Sweden and Professor Øyvind Ytrehus, Department of Informatics, Univerity of Bergen.

Congratulations!

Seraj Fayyad successfully completed his PhD trial lecture and thesis defense at the University of Oslo on Friday, the 11th of October 2018 and will be awarded the degree of Doctor of Philosophy.

The title of his thesis is “Measurable Security for Systems built upon the Internet of Things” and the given topic for his trial lecture was “Security by design in safety critical systems”.

The following committee has been appointed to evaluate his thesis, trial lecture and defense:

• • First external opponent: Senior Researcher Aida Omerovic, Software and Service Innovation Department, Sintef.
  • Second external opponent: Professor Lothar Fritsch, Department of Computer Science, Karlstad University, Sweden.
  • Internal member and committee administrator: Professor Martin Steffen, Department of informatics, University of Oslo.

Seraj Fayyad carried out his PhD work at the Department of Informatics, University of Oslo. His main supervisors were Professor Josef Noll, Department of Technology Systems, University of Oslo and Professor Einar Arthur Snekkenes, Department of Information Security and Communication Technology, Norwegian University of Science and Technology.

Congratulations!

Vivek Agrawal successfully completed his PhD trial lecture and thesis defense at the Norwegian University of Science and Technology on Friday, the 4th of October 2018 and will be awarded the degree of Doctor of Philosophy.

The title of his thesis is “Information Security Risk Management Practices – Community-Based Knowledge Sharing” and the given topic for his trial lecture was “Technological Obsolescence Implications for Information Security”.

“The trial lecture described the concepts of technology, information security, and technological obsolescence, and presented both the challenges and the possible utility of technological obsolescence and its impacts on information security. Both historic and practical perspectives are taken into consideration when analyzing the cause and impact from technological obsolescence on information security. International standards on managing technology obsolescence were also reviewed. The trial lecture received positive feedback from the PhD assessment committee on its well-organized structure and excellent presentation manner.”

The following committee has been appointed to evaluate his thesis, trial lecture and defense:

• • First external opponent: Professor Louise Yngström, Department of Computer and Systems Sciences, Stockholm University and KTH – Kungliga Tekniska Högskolan, Sweden.
  • Second external opponent: Professor Alexandre Ardichvili, University of Minnesota, USA.
  • Internal member and committee administrator: Associate Professor Bian Yang, Department of Information Security and Communication Technology, NTNU.

Vivek Agrawal carried out his PhD work at the Department of Information Security and Communication Technology, NTNU in Gjøvik. His main supervisor was Professor Einar Snekkenes, Department of Information Security and Communication Technology, NTNU in Gjøvik and co-supervisors was Professor Stewart Kowalski, Department of Information Security and Communication Technology, NTNU in Gjøvik.

Congratulations!

The title of her thesis is “Exploring Microservice Security” and the given topic for her trial lecture was “Containerization, clustering and service deployment”.

The following committee has been appointed to evaluate his thesis, trial lecture and defence:

• First opponent: Dr Coen De Roover, Vrije Universiteit Brussel, Belgium.
• Second opponent: Dr Tor Erling Bjørstad, mnemonic AS, Norway.
• Internal opponent and administrator of the committee: Dr Noeska Smit, Department of Informatics, University in Bergen, Norway.

Tetiana Yarygina carried out her PhD work at the Department of Informatics, University of Bergen. Her main supervisor was Associate Professor Anya Helene Bagge, Department of Informatics, University of Bergen and co-supervisor was Professor Jaakko Timo Henrik Järvi, Department of Informatics, University of Bergen.

Congratulations!

The title of her thesis is “On Classification and Some Properties of APN Functions” and the given topic for her trial lecture was “Differential cryptanalysis”.

The following committee has been appointed to evaluate his thesis, trial lecture and defence:

• First opponent: Dr Marco Calderini, Researcher, Department of Informatics, University of Bergen, Norway.
• Second opponent: Dr Lars Eirik Danielsen, Senior Consultant, Miles Bergen AS, Norway.
• Third opponent: Dr Natalia Tokareva, Senior Researcher, Sobolev Institute of Mathematics, Russia
• Committee member: Dr Marco Calderini, Researcher, Department of Informatics.

Bo Sun carried out her PhD work at the Department of Informatics, University of Bergen. Her supervisors were: Dr Lilya Budaghyan, Department of Informatics, University of Bergen, Associate Professor Nian Li, Faculty of Mathematics and Statistics, Hubei University, China and Associate Professor Chunlei Li, Department of Informatics, University of Bergen.

Congratulations!

The topic of the summer school was network security.

Six invited lecturers, thirteen students from COINS and abroad, an international researcher, supervisors and an industry representative contributed to the programme. The topics of the lectures were:

• Sandra Scott-Hayward, Queen’s University Belfast: SDN and NFV Security
• Thomas Lukaseder, Ulm University: SDN-assisted Mitigation of DDoS Attacks
• Slobodan Petrović, NTNU: Approximate Search in Intrusion Detection
• Christina Pöpper, NYU Abu Dhabi: LTE/Mobile Network Security
• Steffen Wendzel, University of Applied Sciences Worms: Network Information Hiding and Covert Channels
• Christoffer Hallstensen, NTNU: Computer Network Defence – the big picture

EUROCRYPT 2018 is the 37th Annual International Conference on the Theory and Applications of Cryptographic Techniques. Covering all aspects of cryptology, including theoretical foundations, deployment of cryptographic schemes, cryptanalysis of widely used standards, cryptographic protocols, quantum cryptography, and cryptographic currencies.

This year’s edition took place in Tel Aviv, Israel on April 29-May 3 2018, at the Dan Panorama’s conference center. EUROCRYPT 2018 was one of the flagship conferences of the International Association for Cryptologic Research (IACR), and was organized by the Technion Hiroshi Fujiwara Cyber Security Research Center.

COINS supported Alessandro Budroni, Andrea Tenti and Isaac Canales Martinez to attend the EUROCRYPT 2018 in Tel Aviv, Israel.

Over 1,100 participants, official delegates from T20 Argentina 2018 and T20 Japan 2019, Nobel Laureates and German Chancellor Angela Merkel – this was the Global Solutions Summit 2018 on 28 and 29 May in Berlin.

The Global Solutions Summit brought together policy thinkers and policy leaders from around the world. In over 40 sessions, insights and ideas on the most pressing issues of our times were discussed, focused primarily around the Task Forces of the Argentinian T20 and the priorities of the Argentinian G20 Presidency. This sets the corner stone for key policy recommendations that will recouple the world. 
We also welcomed more than 120 Young Global Changers at the summit, representing the next generation of global problem solvers. Throughout the summit as well as during the Summer School they developed specific ideas on recoupling politics, economics and business.

COINS supported Ashish Rauniyar to attend the Global Solutions Summit 2018 in Berlin, Germany.

Agenda

Tuesday 18/9-2018, Radisson Blu Polar Hotel Spitsbergen

Map

1300-1315 Welcome, introduction, presentation of participants
1315-1415 Lessons learned from doing a Ph.D.

• Chris Carr, NTNU: How to get (and not to get) a PhD + why you should / shouldn’t travel
• Andrii Shalaginov, NTNU: Ph.D: “Mission Impossible” or “Roadside Picnic”?
• Bo Sun, UiB: There is always light at the end of the tunnel

1415-1600 Presentations by the participants

• Adam Szekeres, NTNU: Towards predicting individual human decision making in the context of IoT security
• Ali Khodabakhsh, NTNU: Fake Face Detection: A Biometric Approach
• Jan William Johnsen, NTNU: Identifying Central Individuals in Organised Criminal Groups and Underground Marketplaces
• Mazaher Kianpour, NTNU: Cyber Risk Quantification for Business and Economic Gain
• Muhammad Mudassar Yamin, NTNU: Importance of autonomous teams in operation-based cyber security exercises
• Shukun Tokas, UiO: Language-based mechanisms for GDPR compliance

1610-1650 Life after the Ph.D.

• Berglind Smaradottir, UiA: Experiences from doing a Phd in ICT at the University of Agder – How to find a job afterwards?
• Bikash Agrawal, UiS: A journey from PhD to Startup

1650-1700 Election of two COINS student representatives

To register,

1. register for NISK, then
2. fill in an application for funding (type of support: “Ph.D. student seminar”).

Please note that owing to flight/hotel capacity, COINS only supports students that attend both the Ph.D. student seminar and NISK.

Logistics

The seminar will take place on Tuesday afternoon. NISK will start Wednesday morning (until Thursday evening). There are not many places to stay in Longyearbyen, so we suggest to follow the recommendations for accommodation by NISK organizers.

COINS students get coverage for travel (least expensive practical alternative t/r Longyearbyen) and accommodation (COINS+NISK). Students without a regular paper, i.e. none or a poster, get coverage for the NISK conference fee; authors of full papers get funding for the conference fee only if they in addition register for IMT6004. This results from the longstanding COINS policy that presentations of full papers are considered to be in the responsibility of the student’s department.

NISK: You need to wear your COINS t-shirt and/or hoodie and upload a picture of you wearing it at the conference. You need to submit a 2 page travel report on your participation that can be shared with other COINS students and can be published on the COINS website after the event. If you present a poster at NISK, you send us a picture of you presenting the poster with a COINS logo instead of a travel report. If you enrol in IMT6004, you send us an extended travel report detailing the presentations you attended, questions that were asked, and important points from discussions at the conference.

COINS supervisors get coverage for travel (least expensive practical alternative t/r Longyearbyen) and accommodation related to their Ph.D. student seminar participation. COINS does not pay for supervisor attendance or participation at NISK, but you are welcome to book your flight so that you can attend NISK with your own funding.

SWITS students and Ph.D. students from COINS partners get coverage for travel (least expensive practical alternative t/r Longyearbyen) and accommodation under the same conditions as COINS students.
COINS does pay for accommodation and NISK attendance for students that attend both the COINS seminar and NISK, present a poster, wear a COINS t-shirt throughout the NISK conference, acknowledge COINS funding on their poster and document their contribution by two photos of them taken at the conference and by writing a one page report on their seminar participation that can be published.

All inquiries can be sent to info@coinsrs.no.

ECTS credits

Participating COINS Ph.D. can obtain ECTS credits that might be used towards the taught component of their Ph.D. programme.

Students need to enrol in “IMT6004 COINS Workshop” at NTNU to be formally allowed to get ECTS credits according to the requirements in the course description. (If you have taken IMT6004 before, you can enrol in “IMT6005 COINS Workshop II” (or “IMT6006 COINS Workshop III”).

Please indicate in your application for funding or by email to info@coinsrs.no if you are interested in enrolling in IMT6004. Students get a transcript from NTNU documenting their participation and then need to present it to their local COINS member institution. All consortium members agreed that participation in IMT600x would be recognised as being eligible for consideration towards the taught component of the Ph.D. programmes.

The training school was co-organised with the COST action IC1306 “Cryptography for Secure Digital Interaction” and contained lectures on symmetric cryptography as well as lectures and discussions on blockchain technologies.

One of the focuses of the school was on modes of operation and authenticated encryption. Many applications require to guarantee both confidentiality and integrity of the data. A standard algorithm for symmetric encryption consists in using a block cipher, typically the AES, together with a mode of operation (e.g. CBC or CTR) which enables to handle variable-length messages. There is no such solution for authenticated encryption which is satisfactory both in terms of performance and security. Therefore, the on-going Caesar competition has been launched in 2014 in order to design and analyze new authenticated encryption schemes suitable for widespread adoption.

One of the hot topics in cryptology at the moment is blockchain. Bitcoin is the first example of a blockchain and it has spawned a lot of attention. A block chain is constructed using a cryptographic hash function. Cryptologists do not seem to agree on the impact and importance of the blockchain technology. Thus, there was a session in the school with different views on the topic.

The goal of the school was to give students a thorough introduction to the state-of-the-art within symmetric cryptology covering both the theoretical side (design and cryptanalysis of symmetric cryptographic primitives and provable security) and the practical side (practical cryptanalysis in exercise sessions). The school had two streams: basic principles of symmetric cryptography and advanced topics, like modes of operation, authenticated encryption and blockchain technologies.

The school was suitable for Master students with a background in cryptography and security; PhD students and security experts from industry.

COINS supported Diana Davidova and Navid Ghaedi Bardeh to attend the COST Training School on Symmetric Cryptography and Blockchain in Torremolinos, Spain.

The Norwegian Information Security Conference (no. Norsk Informasjonssikkerhetskonferanse – NISK) is a national conference that brings together researchers in IT-security, mainly from national community, but also from the international community.

NISK 2017 was organized in conjunction with NIK, NOKOBIT, and UDIT conferences. The conference was supported by the IKTPluss programme of the Norwegian Research Council (NFR).

COINS supported Ijlal Loutfi to attend the NISK 2017 conference in Oslo, Norway.

The title of his thesis is “Selected x86 Low-level Attacks and Mitigations” and the given topic for his trial lecture was “Blockchain, nyere trender innenfor digital valuta, alternativer til bitcoin”.

The following committee has been appointed to evaluate his thesis, trial lecture and defense:

• First opponent: Postdoctoral Researcher Dennis Andriesse, Department of Computer Science, Vrije Universiteit Amsterdam, The Netherlands.
• Second opponent: Postdoctoral Fellow Laszlo Erdodi, Department of Informatics, University of Oslo, Norway.
• Committee member: Senior Research Scientist Håvard Raddum, Simula, University of Bergen.

Christian Wilhelm Otterstad carried out his PhD work at the Department of Informatics, University of Bergen. His main supervisor was Professor Øyvind Ytrehus, Department of Informatics, University of Bergen and Co-supervisor was Professor Kjell Jørgen Hole, Department of Informatics, University of Bergen.

Congratulations!

OffensiveCon Berlin was a highly technical international security conference focused on offensive security only. The aim of OffensiveCon was to bring the community of hackers together for high quality and deep technical talks, engaging and renowned technical trainings. The talks at OffensiveCon were focused on offensive IT security topics such as vulnerability discovery, advanced exploitation techniques and reverse engineering.

The conference brought superb and unique speakers while offering affordable ticket prices for everyone. The conference was constructed as a single track of talks for two full days as well as technical trainings held in the days before the conference. Moreover, the conference was hosting lightning talks as well, where attendees had a chance to present any topic related to offensive security for 15 minutes to the entire audience.

COINS supported Ramtin Aryan to attend the Offensive Security Conference 2018 in Berlin, Germany.

Andrii Shalaginov successfully completed his PhD trial lecture and thesis defense at the Norwegian University of Science and Technology on Friday, the 16th of February 2018 and will be awarded the degree of Doctor of Philosophy.

The title of his thesis is “Advancing Neuro-Fuzzy Algorithm for Automated Classification in Largescale Forensic and Cybercrime Investigations: Adaptive Machine Learning for Big Data Forensic” and the given topic for his trial lecture was “Internet of Things security and forensics: Challenges and opportunities”.

The following committee has been appointed to evaluate his thesis, trial lecture and defense:

• • First external opponent: Professor Ajith Abraham, IEEE, Faculty of Electrical Engineering and Computer science VSB-Technick Univerzita Ostrava, Czech Republic.
  • Second external opponent: Associate Professor Magnus Almgren, Institution før Data- och informationsteknik, avdelning Nätverk och system, Chalmers Tekniska Høgskola, Sweden.
  • Internal member: Associate Professor Basel Katt, Department of Information Security and Communication Technology, NTNU.
  • Committee administrator: Associate Professor Laura Georg, Department of Information Security and Communication Technology, NTNU.

Andrii Shalaginov carried out his PhD work at the Department of Information Security and Communication Technology, NTNU in Gjøvik. His main supervisor was Professor Katrin Franke, Department of Information Security and Communication Technology, NTNU in Gjøvik and co-supervisors was Professor Slobodan Petrovic, Department of Information Security and Communication Technology, NTNU in Gjøvik and Professor Mario Köppen, Graduate School for Creative Informatics, Kyushu Institute of Technology.

Congratulations!

COINS supported Shukun Tokas to attend Andrii Shalaginov’s defence in Gjøvik, Norway.

The title of his thesis is “Securing Tactical Service Oriented Architectures” and the given topic for his trial lecture was “Intrusion Detection Systems for Collaborative Mobile Ad Hoc Networks”.

The following committee has been appointed to evaluate his thesis, trial lecture and defense:

• First external opponent: Associate Professor Paulo Cesar G. da Costa, George Mason University, C4I & Cyber Center, Volgenau School of Engineering, USA.
• Second external opponent: Associate Professor Orazio Tomarchio, University of Catania, Dep. of Electrical, Electronic and Computer Engineering, Italy.
• Internal member: Associate Professor Karin Bernsmed, Department of Information Security and Communication Technology, NTNU, Norway.
• Committee administrator: Professor Sokratis Katsikas, Department of Information Security and Communication Technology, NTNU.

Vasileios Gkioulos carried out his PhD work at the Department of Information Security and Communication Technology, NTNU in Gjøvik. His main supervisor was Professor Stephen Wolthusen, Department of Information Security and Communication Technology, NTNU in Gjøvik and co-supervisor was Professor Slobodan Petrovic, Department of Information Security and Communication Technology, NTNU in Gjøvik.

Congratulations!

Martin Strand successfully completed his PhD trial lecture and thesis defense at the Norwegian University of Science and Technology on Thursday, the 1st of February 2018 and will be awarded the degree of Doctor of Philosophy.

The title of his thesis is “Fully homomorphic encryption with applications to electronic voting” and the given topic for his trial lecture was “Multilinear maps and indistinguishability obfuscation”.

The following committee has been appointed to evaluate his thesis, trial lecture and defense:

First external opponent: Associate Professor Berry Schoenmakers, Technische Universiteit Eindhoven, The Netherlands.
Second external opponent: Professor Kristian Ranestad, University of Oslo, Norway.
Committee member and administrator: Professor Øyvind Solberg, Department of Mathematical Sciences, NTNU, Norway.

Martin Strand carried out his PhD work at the Department of Mathematical Sciences, NTNU in Trondheim. His main supervisor was Professor Kristian Gjøsteen, Department of Mathematical Sciences, NTNU in Trondheim and co-supervisor was Professor Aslak Bakke Buan, Department of Mathematical Sciences, NTNU in Trondheim.

Congratulations!

Ctirad Sousedik successfully completed his PhD trial lecture and thesis defense at the Norwegian University of Science and Technology on Tuesday, the 30th of January 2018 and will be awarded the degree of Doctor of Philosophy.

The title of his thesis is “Presentation Attack Resistant Fingerprint Biometrics –using Optical Coherence Tomography” and the given topic for his trial lecture was “OCT Fingerprint Sensing Technology: Benefits and Challenges”.

Fingerprints are one of the best investigated biometric characteristics with a long history of person identification regarding law enforcement. A wide range of automated fingerprint sensing and recognition solutions exist.

However, the existing solutions still suffer from significant weaknesses regarding the problem of detecting artefact fingerprint representations, which greatly limit their applicability for unsupervised identification scenarios such as automated border control.

In his thesis, Sousedik investigated Optical Coherence Tomography as a novel scanning technology for fingerprint sensing, with the aim of developing a fingerprint sensor that is very difficult to deceive with artefact fingerprints and as such would offer a solution to the problem.

The following committee has been appointed to evaluate his thesis, trial lecture and defense:

First external opponent: Professor Dr. Anil K. Jain, Department of Computer Science and Engineering , Michigan State University, USA.
Second external opponent: Dr. Arjan Kuijper, Fraunhofer Institute for Computer Graphics Research IGD & Technische Universität Darmstadt, Germany.
Internal member: Professor Dr. Anne C. Elster, Department of Computer Science, NTNU, Norway.
Committee administrator: Professor Stephen Wolthusen, Department of Information Security and Communication Technology, NTNU.

Ctirad Sousedik carried out his PhD work at the Department of Information Security and Communication Technology, NTNU in Gjøvik. His main supervisor was Professor Christoph Busch, Department of Information Security and Communication Technology, NTNU in Gjøvik and co-supervisor was Professor Patrick Bours, Department of Information Security and Communication Technology, NTNU in Gjøvik.

Congratulations!

The title of his thesis is “Data Loss Prevention for Cross-Domain Information Exchange”.

In this thesis, novel methods are introduced for preventing and detecting incidents where sensitive data is leaked to third parties. The methods proposed are especially suitable for situations where isolated military systems are to be connected.

Loss of sensitive data is a widespread problem with potentially severe consequences. The topic of this thesis revolves around the construction of methods for detecting and preventing such incidents in situations where it is necessary to exchange information across computer systems. This is a scenario which is common in the military sector where one often needs to transfer information between systems that have been compartmentalised for security reasons. Increasingly data labellingbased security mechanisms are also being utilized in the civilian sector.

The users of existing systems must manually specify the security classification level for each individual file before it can be transferred. For example, an email can be labelled as “Unclassified” before it is sent to an external recipient. This assumes that the user is behaving non-maliciously and always assigns the correct security labels. To address this shortcoming, we have developed mathematical methods that, using the textual contents, predicts the appropriate security classification level. By inspecting all documents that are transferred between computer systems we are then able to decrease the likelihood of sensitive data leaking to third parties.

The work has been conducted at the Norwegian Defence Research Establishment in collaboration with the Institute of Technology Systems.

The following committee has been appointed to evaluate his thesis, trial lecture and defense:

First opponent: Associate Professor Stefan Axelsson, Department of Information Security and Communication Technology, NTNU, Norway.
Second opponent: Research Associate Kellyn Rein, Fraunhofer FKIE, Standort Wachtberg, Germany.
Third opponent: Professor Tor Skeie, Department of Informatics, University of Oslo.
Chair of defence: Professor Fritz Albregtsen, Department of Informatics, University of Oslo.

Kyrre Wahl Kongsgård carried out his PhD work at the Department of Informatics, University of Oslo. His main supervisor was Associate Professor Nils Agne Nordbotten, Department of Informatics, University of Oslo and Co-supervisor was Professor Federico Mancini, Norwegian Defence Research Establishment.

Congratulations!

22nd of September Kyiv became an epicentre of blockchain-insights and expertise. Leading world and Ukrainian experts shared relevant information on successful applications of advanced blockchain technology in various industries and told about fintech trends, the future of ICO and crypto currency. BlockchainUA brought together 1000+ participants, including leading industry experts, representatives of the state sector, business and financial sector, investors, start-ups and IT-developers.

More than 50 experts from 10 countries spoke about their experiences and development opportunities of blockchain technology in the financial industry.

The conference included the following platforms: Main Stage that covered the issues of key blockchain trends, practical application of the technology and its prospects; Product Stage, where product solutions with the use of distributed technologies were represented; and the Tech Stage, where a pitch-session for start-ups took place.
All participants were able to visit exhibition area – Startup Alley, where leading blockchain industry companies presented their solutions.

COINS supported Dmytro Piatkivskyi to attend the BlockchainUA in Kyiv, Ukraine.

The title of her thesis is “Low-Latency Key Exchange and Secure Channels” and the given topic for his trial lecture was “Functional encryption”.

In this growing and changing world, flexibility and adaptability in communication are
increasingly prioritized. As such, security demands must also adapt, and there is an
ever-present challenge to achieve optimal security in these new settings. Consequently,
Britta Hale’s thesis addresses security considerations under non-traditional settings. She starts by considering data sent before a key exchange, progressing to data sent in parallel to a protocol, and then to varying data and channel demands after a key exchange has taken place. These results are meaningful for researchers and implementors alike, providing constructions and models and enabling identification of the strengths and weaknesses of cryptographic schemes and protocols.

The following committee has been appointed to evaluate her thesis, trial lecture and defense:

First external opponent: Dr. Jan Camenisch, IBM Research, Zürich, Switzerland.
Second external opponent: Adjunct Professor Michel Abdalla, Ecole Normale Supérieure, Paris, France.
Committee member and administrator: Professor Kristian Gjøsteen, Department of Mathematical Sciences, NTNU, Norway.

Britta Hale carried out her PhD work at the Department of Information Security and Communication Technology, NTNU in Trondheim. Her main supervisor was Professor Colin Boyd, Department of Information Security and Communication Technology, NTNU Trondheim, Norway.

Congratulations!

The title of his thesis is “A Modular Security Analysis of EAP and IEEE 802.11” and the given topic for his trial lecture was “Group key exchange”.

The following committee has been appointed to evaluate his thesis, trial lecture and defense:

First external opponent: Professor Liqun Chen, University of Surrey, Great Britain.
Second external opponent: Professor Tibor Jager, Paderborn University, Germany.
Committee member and administrator: Professor Kristian Gjøsteen, Department of Mathematical Sciences, NTNU.

Håkon Jacobsen carried out his PhD work at the Department of Information Security and Communication Technology, NTNU in Trondheim. His main supervisor was Professor Danilo Gligoroski, Department of Information Security and Communication Technology, NTNU in Trondheim and co-supervisor was Professor Colin A. Boyd, Department of Information Security and Communication Technology, NTNU in Trondheim.

Congratulations!

CHES is the leading conference on hardware security and the largest international cryptography conference.

The annual CHES conference highlighted new results in the design and analysis of cryptographic hardware and software implementations. The workshop built a valuable bridge between the research and cryptographic engineering communities and attracted participants from industry, academia, and government organizations. In addition to a single track of high-quality presentations, CHES 2017 offered invited talks, tutorials, a poster session, and a rump session.

COINS supported Xiaojie Zhu to attend the Conference on Cryptographic Hardware and Embedded Systems 2017 in Taipei, Taiwan.

The use of data science for cyber-security applications is a relatively new paradigm. This includes deployment of statistical methodology, machine learning, and Big Data analytics for network modelling, anomaly detection, forensics, risk management, and more.

This conference aimed to showcase cutting-edge research in statistical cyber-security in academia, business and government, as well as helped to align these endeavours.

This was the third of a biennial series of workshops on the topic.

COINS supported Ijlal Loutfi to attend the Data Science for Cyber-Security conference in London, UK.

The MMS workshop was held in Svolvær, in the archipelago Lofoten, Norway during September 4-8, 2017.

The program was constructed around a series of tutorial talks by the number of invited speakers. Topics included:

• foundational theory in cryptography
• the design, proposal, and analysis of cryptographic primitives
• coding theory
• sequences and their applications in coding theory and cryptography
• correlation and transformation of Boolean functions
• finite fields theory and its application in cryptography in cryptography.

COINS supported six students to attend the Mathematical Methods for Cryptography workshop in Svolvær, Norway.

Here are their pictures and reflection reports:

• Bo Sun
• Irene Villa
• Navid Ghaedi Bardeh
• Isaac Andres Canales Martinez
• Andrea Tenti
• Nikolay Stoyanov Kaleyski

Workshops were held in conjunction with the Symposium, on September 14-15, 2017

COINS supported four students to attend the ESORICS 2017 in Oslo, Norway.

Here are their pictures and reflection reports:

• Dmytro Piatkivskyi
• Sergii Banin
• Ijlal Loutfi
• Christopher Carr

The Secure Cloud Services and Storage Workshop 2017 was held in Oslo, Norway on the 10th of September 2017.

COINS supported three students to attend the Secure Cloud Services and Storage Workshop 2017s in Oslo, Norway.

Here are their pictures and reflection reports:

• Britta Hale
• Martin Strand
• Ijlal Loutfi

The topic of the summer school – secure implementation of cryptographic software – was chosen based on a poll among COINS students.

Six invited lecturers, sixteen students from COINS and SWITS, an international researcher, supervisors and an industry representative contributed to the programme. The topics of the lectures were:

• Lejla Batina, Radboud University: Attacks on embedded crypto implementations
• Justin Cappos, New York University: Securing software development for computationally weak devices
• Paris Kitsos, Digital IC dEsign and Systems Lab (DICES Lab), Computer and Informatics Engineering Dept (CIED), TEI of Western Greece, Patras, Greece: Detection of Hardware Trojans
• Mark Ryan, University of Birmingham: Protection of code execution using Intel SGX
• Peter Schwabe, Radboud University: Optimizing crypto software on embedded microcontrollers
• Alexandra Weber, Darmstadt University of Technology: Approaches to Reliable Side-Channel Security

An example of summer school report by Alexander Lindner (SWITS).

The BFA  workshop 2017 was held in Os, south of Bergen, Norway during July 3-8, 2017.

Topics included:

• foundational theory of Boolean functions and discrete structures
• the design, proposal, and analysis of cryptographically significant (vectorial) Boolean functions
• the theory and construction of quantum Boolean functions
• the theory of finite fields and its applications in cryptography and coding theory
• the applications of Boolean and vectorial functions to FHE, SCA counter-measures, affine extractors etc.

COINS supported three students to attend the Boolean Functions and their Applications in Os, Norway.

Here are their pictures and reflection reports:

• Irene Villa
• Bo Sun
• Navid Ghaedi Bardeh

The title of his thesis is “Scalable Data Processing and Analytical Approach for Big Data Cloud Platform” and the given topic for his trial lecture was “Fog computing for big data processing”.

In the current “information explosion era”, data is increasing dramatically every year. Tackling the challenges posed by collecting large-scale data is trending to a superabundance of data management systems characterized by horizontal scalability.
Data has become a critical commodity in organizations and data analysts are struggling to make optimal business decisions, due to the challenges in Big Data management: volume, velocity, variety, veracity, and value. Large-scale data analytics is turning into a computational resource paradigm due to already unprecedented yet fast growing requirements such as scalability, data intensiveness, high availability, fault tolerance,
and the ability to handle diverse data structures. As these problems grow in scale, parallel computing resources are required to meet computational and memory requirements. The growing demand for large-scale data analysis and mining applications has resulted in both industry and academia designing highly scalable data-intensive computing platforms.
Large-scale analysis requires clusters of connected computers to allow high performance in environments such as cloud computing. As cloud computing clusters grow in size, the following key challenges have arisen: heterogeneity of the system, hidden complexities, time limitations, and scalability. Other challenges such as failure prediction and anomaly detection of components in the cluster components are also important factors that must be addressed while running Big Data applications. Although, some solutions to these challenges are already available for small-scale systems, a scalable approach for effective performance diagnosis and pre-diction is needed. This dissertation addresses these needs and proposes solutions (like a distributed scalable analytics framework) that enrich the cloud platform and enable high-performance processing on a large scale. The contribution of this dissertation is demonstrated by applying state-of-the-art processing framework and consequently improving data center overall performance by predicting failures and detecting anomalies. The framework enables Big Data applications to gain an advantage using cloud computing such as scalability and elasticity.
Additionally, it proposes a state-of-art solution for permanently deleting data stored by Big Data applications. Herein solutions for securely deleting cloud data are evaluated, and a novel secure deletion tool for Hadoopclusters is also proposed.

The following committee has been appointed to evaluate his thesis, trial lecture and defense:

• First external opponent: Assistant Professor Artur Klepaczko, Lodz University of Technology, Poland.
• Second external opponent: Professor Yan Zhang, University of Oslo, Norway.
• Committee member and administrator: Assistant Professor Erlend Tøssebro, Faculty of Science and Technology, Department of Electrical and Computer Engineering,  University of Stavanger, Norway.

Bikash Agrawal carried out his PhD work at the Department of Electrical Engineering and Computer Science, University of Stavanger. His main supervisor was Associate Professor Tomasz Wiktorski, University of Stavanger and a co-supervisor Professor Chunming Rong, University of Stavanger.

Congratulations!

COINS supported two students to attend the Summer School on Cybersecurity and Privacy (CySeP) in Stockholm, Sweden.

Here are their pictures and reflection reports:

• Jayachander Surbiryala
• Xiaojie Zhu

The title of his thesis is “Cyber Security Risk Assessment Practices. Core Unified Risk Framework” and the given topic for his trial lecture was “Security in the Internet of Things: Key Threats and Controls”.

The media reports new incidents caused by poor information security practices on a daily basis. Be it e-mail leakages, vulnerable industrial control systems, breached political parties, or third-parties causing trouble, it is all caused by poor security risk management practices. The complexity in the information and cyber security domain increases on a daily basis, which makes identifying, analyzing, and controlling the relevant risk events a major challenge. Gaining the upper hand and becoming proactive in the security work is a big piece of the puzzle. Wangen’s research addresses several aspects of Cyber and Information Security Risk Assessment (ISRA) and Management (ISRM) Practices and contributes to novel research problems, methods, models, and knowledge within the discipline.

The following committee has been appointed to evaluate his thesis, trial lecture and defense:

• First external opponent: Professor Sabrina De Capitani Di Vimercati, Università degli Studi di Milano, Italy.
• Second external opponent: Professor Mathias Ekstedt, Royal Institute of Technology, Stockholm, Sweden.
• Committee member and administrator: Professor Guttorm Sindre, Department of Computer Science, Faculty of Information Technology and Electrical Engineering, NTNU.

Gaute Bjørklund Wangen carried out his PhD work at the Department of Information Security and Communication Technology, NTNU in Gjøvik. His supervisor was Professor Einar Snekkenes, Department of Information Security and Communication Technology, NTNU in Gjøvik and co-supervisor was Professor Stewart Kowalski, Department of Information Security and Communication Technology, NTNU in Gjøvik.

Congratulations!

We had two and a half days packed with presentations, discussions, exchange of experiences, and networking opportunities for students doing research in information security in Norway and Sweden.

Thanks to all participants, you were an amazing group!

COINS supported Navid Ghaedi Bardeh to attend the Spring School on Lattice-Based Cryptography in Oxford, England.

The 2nd EuroS&P edition was held on April 26-28, 2017 in Paris at UPMC Campus Jussieu, right before EUROCRYPT 2017, which also has happened in Paris. The affiliated events were organized jointly with EUROCRYPT on April 29-30, 2017.

COINS supported three students to attend the 2nd EuroS&P in Paris, France.

Here are their pictures and reflection reports.

• Romina Muka
• Chris Carr
• Ashish Rauniyar

The conference brought together experts and young researchers from all over the world to exchange ideas and discuss recent developments in the areas that have interested Pr. C. Carlet. The presentations focused on some of the many topics that Claude has worked on during his career; like error correcting codes, Boolean functions for cryptography and bent functions, substitution boxes for block ciphers, authentication schemes, secret sharing, side channel attacks, and recently fully homomorphic encryption; and other topics as well, like information theory, algebraic cryptanalysis and polynomial systems, quantum cryptology, protocols based on the identity or attributes, algebraic identification, signature and non-repudiation, communications and network security, Internet of Things and Mobile agents security.

The presentations focused on some of the many topics that Claude has worked on during his career; like error correcting codes, Boolean functions for cryptography and bent functions, substitution boxes for block ciphers, authentication schemes, secret sharing, side channel attacks, and recently fully homomorphic encryption; and other topics as well, like information theory, algebraic cryptanalysis and polynomial systems, quantum cryptology, protocols based on the identity or attributes, algebraic identification, signature and non-repudiation, communications and network security, Internet of Things and Mobile agents security.

COINS supported Irene Villa to attend the Codes, Cryptology and Information Security Conference in Rabat, Morocco.

The title of his thesis is “Resilience of Infrastructure Networks: Byzantine Consensus, Interdependencies, and Optimisation in Sparse Networks” and the given topic for his trial lecture was “Software Defined Networking and complex networks”.

The thesis investigates topics regarding the fact that our growing dependence on critical infrastructure systems demands highly available systems that provide an efficient, reliable, and secure service, even in the presence of malicious attacks.

The following committee has been appointed to evaluate his thesis, trial lecture and defense:

• First external opponent: Researcher Dr. Gilles Tredan, Laboratory for Analysis and Architecture of Systems, France.
• Second external opponent: Associate Professor Rebecca Montanari, Department of Informatics, University of Bologna, Italy.
• Internal opponent: Professor Sokratis Katsikas, Department of Information Security and Communication Technology, NTNU in Gjøvik.
• Administrator for the assessment committee: Associate Professor Sokratis Katsikas, Department of Information Security and Communication Technology, NTNU in Gjøvik.
• Dean Nils Kalstad Svendsen, Department of Information Security and Communication Technology, NTNU in Gjøvik, led disputation.

Goitom Kahsay Weldehawaryat carried out his PhD work at the Department of Information Security and Communication Technology, NTNU in Gjøvik. His supervisor was Professor Stephen Wolthusen, Department of Information Security and Communication Technology, NTNU in Gjøvik and co-supervisor was Professor Slobodan Petrovic, Department of Information Security and Communication Technology, NTNU in Gjøvik.

Congratulations!

The title of his thesis was “SPARQL on the Open, Decentralised Web“.

The following committee has been appointed to evaluate his thesis, trial lecture and defense:

• First external opponent: Research Associate Andreas Harth, AIFB, Karlsruhe Institute of Technology, Germany.
• Second external opponent: Associate Professor Katja Hose, Department Of Computer Science, Aalborg University, Denmark.
• Internal opponent: Associate Professor Volker Stolz, Department of Informatics, University of Oslo.
• Administrator for the assessment committee: Associate Professor Ellen Munte-Kaas, Department of Informatics, University of Oslo.

Kjetil Kjernsmo carried out his PhD work at the Department of Informatics, Univerity of Oslo. His main supervisor was Professor Martin Giese, Department of Informatics, University of Oslo. His co-supervisor was Arild Waaler, Department of Informatics, University of Oslo

Congratulations!

Registration forms: Registration for SWITS members – Registration for COINS members

Agenda

Wednesday 7 June 2017 (focus on COINS)

All sessions on Wednesday take place in room Dag Hammarskjöld

1130 Lunch & networking
1300-1430 Session COINS A: Invited presentation: Life after the Ph.D. [Kassaye Yitbarek Yigzaw, Yi-Ching Liao]
1430-1440 Break
1440-1530 Session COINS B
– “I attended an event with COINS funding. Here is what I learned.”
1530-1600 Fika
1600-1630 Session COINS C: Opportunities in the IT security sector after the Ph.D. [Davrondzhon Gafurov, Norwegian Directorate of eHealth; Lukas Rist, Symantec; Kyrre Wahl Kongsgård, FFI]
1630-1800 Session COINS D: Trial defence “Data Loss Detection and Prevention for Secure Cross-Domain Information Exchange”; candidate Kyrre Wahl Kongsgård, committee Slobodan Petrovic, Edgar Alonso Lopez Rojas
1800 Dinner
After dinner activity: Election of student representatives

Thursday 8 June 2017 (joint SWITS/COINS)

All sessions on Thursday take place in room Einar Gerhardsen unless stated otherwise

0900-1030 Session COINS E
– COINS 2017: Metochi summer school, ESORICS doctoral consortium; room: Einar Gerhardsen
– COINS 2018: Finse winter school, Metochi summer school, Ph.D. student seminar and NISK on Svalbard; room: Einar Gerhardsen
– COINS steering committee meeting; room: Tage Erlander 1

1030-1045 Break
1045-1130 Official Opening: Welcome, introduction, research group presentations (Chairs: Simone Fischer-Hübner, Hanno Langweg)
1130 Lunch
1230-1350 Session SWITS/COINS I – Forensics & IDS (Session chair: Slobodan Petrovic)

• Gunnar Alendal (NTNU), Security vulnerability research for use in digital forensics
• Asif Iqbal (KTH Royal Institute of Technology), Digital Forensic Readiness in Critical Infrastructures: A case of substation automation in the power sector
• Chih-Yuan Lin (Linköping University), Timing-based Anomaly Detection in SCADA Networks
• Artem Voronkov (Karlstad University), Measuring the Usability of Firewall Rule Sets

1350-1400 Break
1400-1500 Session SWITS/COINS II – Distributed Systems Security (Session chair: Simin Nadjm-Tehrani)

• Xiaojie Zhu (University of Oslo), Framework for outsourcing location-based services
• Thomas Rosenstatter (Chalmers University of Technology), Vehicular Security: On Mapping Automotive Security Levels to System Requirements
• Romina Muka (NTNU), A critical review on Wireless Body Area Networks Security

1500-1530 Fika
1530-1630 Session SWITS/COINS III – Security & Identity Management (Session chair: Sonja Buchegger)

• Martin Brodin (University of Skövde), A framework for mobile device strategy
• Erik Bergström (University of Skövde) and Martin Lundgren(Luleå University of Technology), An emergent dynamic risk-based information classification process
• Stewart Kowalski (NTNU), Security Chains that bind us: A Mental Model Approach to Comparing Security Culture in Norway and Sweden

1630-1800 Parallel sessions SWITS/COINS IVa, IVb, IVc

• SWITS/COINS IVa – Panel: Ask the Professor (Session chairs: Andrii Shalaginov, Farzaneh Karegar); room: Einar Gerhardsen
• SWITS/COINS IVb – Focus group on mental models of redaction (Session chairs: Alaa Alaqra, Simone Fischer-Hübner); room: Tage Erlander 1
• SWITS/COINS IVc – Working group Cyber Security Challenge & Capture the Flag, preparation and courses (Session chairs Hanno Langweg, Felix Schuckert, Lothar Fritsch, Stewart Kowalski); room: Kungaterrassen
• Groups decide individually when to have breaks

1800 Dinner

After dinner: Visit of the Holmenkollen Ski museum (guided tour)

Friday 9 June 2017

All sessions on Friday take place in room Einar Gerhardsen

0900-0920 Summary of working groups results
0920-1040 Session SWITS/COINS V – Privacy (Session chair: Christian Rohner)

• Daniel Bosk (KTH Royal Institute of Technology), On sharing private calendars and scheduling meetings
• Alaa Alaqra (Karlstad University), Users’ perspectives of redacting medical documents
• Farzaneh Karegar (Karlstad University), Enabling Informed Decisions with Social Login
• Hamid Ebadi Tavallaei (Chalmers University of Technology), Local Differential Privacy Framework

1040-1050 Break
1050-1130 Session SWITS/COINS VI – Cryptography (Session Chair: Edgar Alonso Lopez Rojas)

• Lamya Abdullah (Friedrich-Alexander-Universität Erlangen/Uniscon), Implementing Secure Multiparty Computation using Sealing
• Christopher Carr (NTNU), Scaling and fairness in modern cryptocurrencies

1130 Lunch

1230-1330 Session SWITS/COINS VII – Attacks and Protection (Session chair: Magnus Almgren)

• Ala Berzinji (Stockholm University), Cyber terrorism and Counter it on the Dark Web
• Linus Karlsson (Lund University), Bootstrapping trust
• Felix Schuckert (NTNU), Source Code Patterns of SQL Injection Vulnerabilities

1330-1340 Break
1340-1410 Session SWITS/COINS VIII – I moved from Norway to Sweden (or vice versa): Here is what I learned (Contributions by Lothar Fritsch, Stewart Kowalski, Edgar Lopez Rojas, and others)
1410-1430 Closing

• Summing up of seminar results, future of SWITS and COINS activities
• End of SWITS/COINS seminar 2017
• Coffee, departure, enjoy Oslo

To register, fill in the registration form:
Registration for SWITS members –
Registration for COINS members

Logistics

The seminar will take place at the Voksenåsen centre. Wednesday will be a COINS day, and Thursday+Friday will be a joint SWITS/COINS seminar. We have a number of rooms reserved at the centre. Once all rooms are booked, you need to find accommodation elsewhere in Oslo.

Useful links:

• http://www.voksenaasen.no
• http://www.visitoslo.com/en/transport/to-oslo/
• http://www.openstreetmap.org/#map=19/59.97535/10.66545
• https://ruter.no

SWITS members pay a highly subsidised registration fee, thanks to MSB and COINS. kr. 400 per night for single accommodation, kr. 0 if you share a double room, kr. 0 if you organise accommodation by yourself. All payments need to be made by payment card at the Voksenåsen hotel reception desk. Please note that this also applies to those staying at Soria Moria, they also need to pay to Voksenåsen, not to Soria Moria.

COINS students and their supervisors get coverage for travel (least expensive practical alternative t/r Oslo) and accommodation.

All inquiries can be sent to info@coinsrs.no.

ECTS credits

Participating COINS Ph.D. students can obtain ECTS credits that might be used towards the taught component of their Ph.D. programme.

Students need to enrol in “IMT6004 COINS Workshop” at NTNU to be formally allowed to get ECTS credits according to the requirements in the course description. (If you have taken IMT6004 before, you can enrol in “IMT6005 COINS Workshop II” or “IMT6006 COINS Workshop III”.

Please indicate in your registration for funding or by email to info@coinsrs.no if you are interested in enrolling in IMT6004. Students get a transcript from NTNU documenting their participation and then need to present it to their local COINS member institution. All consortium members agreed that participation in IMT600x would be recognised as being eligible for consideration towards the taught component of the Ph.D. programmes.

The title of his thesis is “Towards Practical Privacy-Preserving Distributed Statistical Computation of Health Data” and the given topic for his trial lecture was “Security and privacy of Bitcoin”.

The following committee has been appointed to evaluate his thesis, trial lecture and defense:

• First external opponent: Professor Alan F. Karr, CODA and Social Statistics Program RTI International, USA.
• Second external opponent: Professor Vladimir A. Oleshchuk, Department of Information and Communication Technology, University of Agder.
• Internal opponent: Associate Professor Weihai Yu, Department of Computer Science, UiT – The Arctic University of Norway.
• Administrator for the assessment committee: Associate Professor Weihai Yu, Department of Computer Science, UiT – The Arctic University of Norway.

Kassaye Yitbarek Yigzaw carried out his PhD work at the Department of Computer Science, UiT – The Arctic University of Norway. His main supervisor was Professor Johan Gustav Bellika, Department of Clinical Medicine, Faculty of Health Sciences, UiT – The Arctic University of Norway and the Norwegian Centre for E-health Research at the University hospital of North Norway. His co-supervisors were Associate Professor Anders Andersen, Department of Computer Science, UiT – The Arctic University of Norway; Professor Gunnar Hartvigsen, Department of Computer Science, UiT – The Arctic University of Norway; Professor Fred Godtliebsen, Department of Mathematics and Statistics, UiT – The Arctic University of Norway; Gro Berntsen, Chief Researcher, The National Research Center in Complementary and Alternative Medicine; and Associate Professor Stein Olav Skrøvseth, Centre Director, Norwegian Centre for E-health Research at the University hospital of North Norway.

Congratulations!

The Security Divas 2017 conference took place on the 26th and 27th of January at Strand Hotell in Gjøvik for seven years in a row and collected over 160 women.

Women with an interest in information security and ICT were gathered at Security Divas 2017, a two-day conference focused on the topic of “confidence and trust in the digital society”. New for this year’s conference was a setup of two slots at the end on the first day. One track was about “the digital society” and the second track was more technical and referred to “technology and development.”

Security Divas since its establishment in 2010 has grown to be an important network for women who have also been added positive international attention. It was a great pleasure over the years to have more lectures in English, including Aglika Klayn from the European Cybercrime Centre (EC3) in Europol, this year. Ms. Klayn opened the conference with a post where she explained EC3 its role in fighting cybercrime.

The conference place was full of participants, and professional expert presenters contributed with different perspectives on the topic “security and confidence in the digital society.” There were many opportunities to present and to acquire new insights and be inspired by others.

COINS supported Tetiana Yarygina to attend the Security Divas  2017 in Gjøvik, Norway. Here is her travel report

International Conference BIP001 was a focused and compact meeting of blockchain professionals, dedicated to discussing the application of Blockchain technology to existing problems in the society. The aim of the conference was to gather the greatest influencers within the blockchain space and combine several days of serious discussions with excellent networking.

COINS supported Dmytro Piatkivskyi to attend the BIP001 2017 in Kiev, Ukraine.

The conference was comprised of the NIK, NOKOBIT, NISK, and UDIT conferences which are all well-established, Norwegian, academic conferences spanning different branches of ICT, computer science, information sciences, and information systems.

The conference was supported by the IKTPluss programme of the Norwegian Research Council.

COINS supported 5 students to attend the NISKt 2016 in Bergen, Norway. Here are their travel reports:

• Dmytro Piatkivskyi
• Felix Schuckert
• Bo Sun
• Xiaojie Zhu
• Manish Shrestha          

The title of her thesis is “Process Tracking for Forensic Readiness” and the given topic for her trial lecture was “Search Algorithms for Intrusion Detection”.

Liao has looked at how companies can collect and preserve potential evidence in advance if they were to experience a cyber attack. Perpetrators need access to system resources to commit cybercrime. Liao has researched opportunities for companies to keep low-level operating system logs. She has found ways that a company can preserve reliable evidence and thus be prepared for a possible digital investigation.

The following committee has been appointed to evaluate her thesis, trial lecture and defense:

• First external opponent: Professor Felix Freiling, Lehrstuhl für Informatik 1, Universität Erlangen-Nürnberg, Germany.
• Second external opponent: Junior Professor Delphine Reinhardt, Institute of Computer Science, Rheinische Friedrich-Wilhelms, Universität Bonn, Germany.
• Internal opponent: Associate Professor Stefan Axelsson, Faculty of Computer Science and Media Technology, NTNU in Gjøvik.
• Administrator for the assessment committee: Professor Slobodan Petrovic, Faculty of Computer Science and Media Technology, NTNU in Gjøvik.
• Head of section Laura Georg, Faculty of Computer Science and Media Technology, NTNU in Gjøvik, led disputation.

Yi-Ching Liao carried out her PhD work at the Faculty of Computer Science and Media Technology, NTNU. Her supervisor was Professor Hanno Langweg, Faculty of Computer Science and Media Technology, NTNU in Gjøvik and Co-supervisor was Professor Katrin Franke, Faculty of Computer Science and Media Technology, NTNU in Gjøvik.

Congratulations!

Kiran Bylappa Raja successfully completed his PhD trial lecture and thesis defense at the Norwegian University of Science and Technology on Friday, the 11th of November 2016 and will be awarded the degree of Doctor of Philosophy.

The title of his thesis is “Robust Biometric Verification based on the Eye Region – Algorithms for Visible Spectrum Image Data” and the given topic for his trial lecture was “Evading Ubiquitous Face Recognition”.

Popular mobile banking and e-commerce applications like Google Wallet, Apple Pay and Ali Pay have resulted in the use of smartphones for secure access of services via biometric data captured from an embedded sensor.

Now the improved optics on smartphones have been explored for biometric data capture in a contactless manner as well. This can be used for various secure authentication applications. Specifically, the applications are exploring face, periocular and iris characteristics for smartphone-based authentication using the embedded camera.

Raja presented a set of robust algorithms and techniques to use iris, periocular and face data for authentication applications when captured from smartphones in the visible spectrum. He has improved the biometric systems by detecting spoofing attacks and thereby making the authentication applications trustworthy on smartphones.

The following committee has been appointed to evaluate his thesis, trial lecture and defense:

• First external opponent: Professor Dr. Arun Ross, Department of Computer Science and Engineering, Michigan State University, USA.
• Second external opponent: Professor  Dr. Raul Sanchez-Reillo, Electronics Technology Department, University Carlos III of Madrid, Spain.
• Internal opponent: Associate Professor Dr. Laura Georg, Norwegian Information Security Laboratory (NISlab), Faculty of Computer Science and Media Technology, NTNU in Gjøvik.
• Administrator for the assessment committee: Professor Stephen Wolthusen, Faculty of Computer Science and Media Technology, NTNU in Gjøvik.
• Dean Nils Kalstad Svendsen, Faculty of Computer Science and Media Technology, NTNU in Gjøvik, led disputation.

Kiran Bylappa Raja carried out his PhD work at the Faculty of Computer Science and Media Technology, NTNU. His supervisor was Professor Christoph Busch, Faculty of Computer Science and Media Technology, NTNU in Gjøvik and Co-supervisor was Dr. Raghavendra Ramachandra, Faculty of Computer Science and Media Technology, NTNU in Gjøvik.

Congratulations!

The title of his thesis is “Innovative methods for large-scale fingerprint identification systems” and the given topic for his trial lecture was “Privacy Threats Emanating from Personal Drones”.

Fingerprint recognition has gained wide acceptance and great popularity since fingerprint recognition based applications have been adopted in diverse scenarios. However, new challenges also emerge along with the extensive deployment of these systems. During the recognition process, a shorter response time is always desirable when an individual needs to be identified in a system with a database consisting of millions of fingerprints. Fingerprint protection is also important to avoid the fingerprints being accessible for a third party.

Li has investigated innovative methods which can benefit large-scale fingerprint identification systems in terms of accuracy, efficiency and security. This includes a fingerphoto quality assessment approach, fingerprint indexing in order to accurately and efficiently establish the identity of an individual in large-scale fingerprint identification systems and protection of fingerprint information.

The following committee has been appointed to evaluate his thesis, trial lecture and defense:

• First external opponent: Assistant Professor Dr. Paulo Lobato Correia, Universidade de Lisboa, Portugal.
• Second external opponent: Junior Assistant Professor  Dr. Matteo Ferrara, Universita di Bologna.
• Internal opponent: Associate Professor Dr. Sule Yildirim-Yayilgan, Faculty of Computer Science and Media Technology, NTNU in Gjøvik.
• Administrator for the assessment committee: Professor Stephen Wolthusen, Faculty of Computer Science and Media Technology, NTNU in Gjøvik.
• Professor Stephen Wolthusen led disputation.

Guoqiang Li carried out his PhD work at the Faculty of Computer Science and Media Technology, NTNU. His supervisor was Professor Christoph Busch, Faculty of Computer Science and Media Technology, NTNU in Gjøvik and Co-supervisors were Associate Professor Bian Yang, Faculty of Computer Science and Media Technology, NTNU in Gjøvik and Professor Patrick Bours, Faculty of Computer Science and Media Technology, NTNU in Gjøvik.

Congratulations!

The title of her thesis is “User-centered Design and Evaluation of Health Information Technology“ and the given topic for her trial lecture was “Health Information Technology: Status, trends, issues and challenges”.

The following committee has been appointed to evaluate her thesis, trial lecture and defense:

• First opponent: Dr. Gareth Loudon, Cardiff School of Art & Design.
• Second opponent: Professor Elizabeth Borycki, University of Victoria.
• Professor Andreas Prinz, Univeristy of Agder, was the administrator for the assessment committee.

Berglind Fjóla Smáradóttir carried out her PhD work at the Faculty of Engineering and Science, Univeristy of Agder, Specialisation in Information and Communication Technology (ICT). Her supervisor has been Professor Rune Fensli, University of Agder, while co-supervisor has been Professor Vladimir Oleshchuk, University of Agder.

Congratulations!

Agenda

Sunday 27/11-2016, UiB Høyteknologisenteret, Thormøhlensgate 55 – be there on time, because the building is locked on Sunday

How to get to UiB

0930-1000 Welcome, introduction, presentation of participants
1000-1045 Lessons learned from doing a Ph.D. [Simona Samardziska]
1045-1130 Opportunities across universities: Cryptography, Models, Network Security, Privacy, Secure Software
1130-1145 Identified opportunities

1145-1200 Coffee break

1200-1220 Elevator pitches (chair: Ijlal Loutfi)
1220-1230 Participants report from Mass Surveillance workshop in Trondheim
1230-1315 Working groups, e.g. a) COINS/SWITS seminar in Oslo June 2017, b) IMT6007 COINS IT Security Exercise in 2017, c) If you had the choice, what would you include in your Ph.D. training (and what keeps you from doing it?)
1315-1330 Presentation of working groups results

1330-1430 Lunch (delivered by Peppe’s)

1430-1515 Life after the Ph.D. – Penetration Testing in Financial Institutions [Oleksandr Kazymyrov]
1515-1600 Presentations by participants

• Dmytro Piatkivskyi: Problems of the Lightning network or is Bitcoin scalable yet?
• Sergii Banin: Applying low-level features for malware dissection and detection
• Manish Shrestha: Measurable security and privacy for services on the Smart Electricity Grid

1600-1630 Coffee break

1630-1730 Panel – ask the professor/professional

1930 Dinner (Egon Kjøttbasaren, Vetrlidsallmenningen 2
Map with restaurant location

Monday 28/11-2016, Høgskolen i Bergen, Campus Kronstad, Inndalsveien 28, room E123

How to get to HiB
How to find room E123
The lecture hall is equipped with a projector and a Windows PC with USB port for presentations in PDF or PowerPoint format. An HDMI A full-size port (or an adaptor to HDMI A) is required if you want to use your own PC for presentation.

0930-1045 Simulated Ph.D. defence [candidate Kassaye Yitbarek Yigzaw + committee, 40’+10’+10’+15′]
1045-1130 Presentations by participants

• Felix Schuckert: Insecurity Refactoring
• Ashish Rauniyar: Crowdsourcing-based Disaster Management using Fog Computing in Internet of Things Paradigm
• Kamer Vishi: TBD

1130-1145 Election of COINS student representatives
1145-1200 Closing

1200-1300 Lunch (lunch tickets will be provided at seminar)

(1600-1730 COINS Steering Committee meeting, E507)

To register, fill in an application for funding (type of support: “Ph.D. student seminar”).
Please note that you can stay on in Bergen for NISK, too.

Logistics

The seminar will take place at UiB on Sunday and HiB on Monday. NISK will start at HiB on Tuesday morning. It is up to you where you book your accommodation. NISK has some recommended places on the conference homepage.

COINS students get coverage for travel (least expensive practical alternative t/r Bergen) and accommodation (COINS, NISK). Students without a regular paper, i.e. none or a poster, get coverage for the NISK conference fee; authors of full papers should get funding for the conference fee from their department.
NISK: You need to wear your COINS t-shirt and/or hoodie and upload a picture of you wearing it at the conference. You need to submit a 2 page travel report on your participation that can be shared with other COINS students and can be published on the COINS website after the event. If you present a poster at NISK, you send us a picture of you presenting the poster with a COINS logo instead of a travel report.

COINS supervisors get coverage for travel (least expensive practical alternative t/r Bergen) and accommodation. COINS does not pay for supervisor attendance or participation at NISK, but you are welcome to book your flight so that you can attend NISK with your own funding.

SWITS students and Ph.D. students from COINS partners get coverage for travel (least expensive practical alternative t/r Bergen) and accommodation. COINS does not pay for attendance or participation at NISK, but you are welcome to book your flight so that you can attend NISK with alternative funding.
COINS does pay additionally for accommodation and NISK attendance for students that attend both the COINS seminar and NISK, present a poster, wear a COINS t-shirt throughout the NISK conference, acknowledge COINS funding on their poster and document their contribution by two photos of them taken at the conference and by writing a one page report on their seminar participation that can be published.

All inquiries can be sent to info@coinsrs.no.

ECTS credits

Participating COINS Ph.D. can obtain ECTS credits that might be used towards the taught component of their Ph.D. programme.

Students need to enrol in “IMT6004 COINS Workshop” at NTNU to be formally allowed to get ECTS credits according to the requirements in the course description. (If you have taken IMT6004 before, you can enrol in “IMT6005 COINS Workshop II”.

Please indicate in your application for funding or by email to info@coinsrs.no if you are interested in enrolling in IMT6004. Students get a transcript from NTNU documenting their participation and then need to present it to their local COINS member institution. All consortium members agreed that participation in IMT600x would be recognised as being eligible for consideration towards the taught component of the Ph.D. programmes.

The topic of the summer school – authentication – was chosen by input from COINS students.

Five invited lecturers, sixteen students from COINS and SWITS, and two supervisors contributed to the programme. The topics of the lectures were:

• Mike Just, Heriot-Watt University, Edinburgh, UK: Usable security and authentication
• Paris Kitsos, Digital IC dEsign and Systems Lab (DICES Lab), Computer and Informatics Engineering Dept (CIED), TEI of Western Greece, Patras, Greece: Hardware authenticity – Detection of Hardware Trojans and PUFs
• Herbert Leitold, A-SIT, Austria: Federated identity management, STORK, eIDAS
• Ravi Borgaonkar, University of Oxford: Authentication and related threats in 2G/3G/4G networks
• Yong Guan, Iowa State University, USA: Network Forensics – Challenges and Open Problems

Most of the participants had used the opportunity to pay a visit to ENISA in Athens on the way to the summer school on the island.

• An example of summer school report by Andrii Shalaginov.
• An example of summer school report by Herman Galteland.
• An example of summer school report by Martin Strand.
• An example of summer school report by Vasileios Gkioulos.

The school brought together PhD students, postdoc researchers and security experts from industry of

• Secure hardware and physical security
• Cryptography for the Internet
• Formal methods in cryptography
• Wireless security
• Crypto for systems security
• Privacy enhancing technologies
• Traffic analysis and countermeasures
• Recent developments in symmetric-key crypto

COINS supported Ilir Bytyci to attend the Summer school on real-world crypto and privacy 2016 in in Šibenik, Croatia. Here is his travel report

The northernmost crypto workshop ever organised, Arctic Crypt 2016, took place in the period of July 17-22 in spectacular arctic surroundings under the midnight sun in Longyearbyen, Svalbard at 78° north.

The program was constructed around a series of 10-12 invited tutorial talks on any cryptographic topic including, but not limited to:

• Foundational theory
• The design, proposal, and analysis of cryptographic primitives
• Crypto protocols, side-channel attacks, and other aspects of implementation
• Information theoretic approaches to digital security
• Recent trends in cryptography.

COINS supported 7 students to attend the Arctic Crypt 2016 in Longyearbyen, Svalbard. Here are their travel reports:

1. Britta Hale
2. Martin Strand
3. Herman Galteland
4. Tetiana Yarygina
5. Stian Fauskanger
6. Bjørn Greve
7. Shahram Rasoolzadeh

IACR Summer School on Blockchain Technologies “From cryptographic e-cash to modern cryptocurrencies” was the the first summer school on blockchains and cryptocurrencies. The schooling was focused on helping “bridge the gap between the cryptocurrency community and academia”.

IACR was thrilled to host the event with many leading experts from academic backgrounds and executive positions in the industry. Students, researchers or professionals that were interested in the disruptive tech joined the classes in Greece.

COINS supported Chris Carr to attend the IACR Summer School Blockchain Technologies  2016 in Corfu, Greece. Here is his travel report

The title of his thesis is “Using Theories from Economics and Finance for Information Security Risk Management” and the given topic for his trial lecture was “Security and Insecurity with Open Source Software: Past, Present, and Future”.

In his thesis Pandey presents a method for investing in information security risk management. Information security practitioners face a challenging task of assessing the information security risks. Lack of complete information about all vulnerabilities in the system leads to difficulty in assessing the severity of vulnerabilities and estimation of the impact of an attack. There are technical tools to protect against cyber attacks, such as passwords, firewalls etc., and various insurance solutions if one were to be attacked. The problem is that conventional insurance does not have the capacity to cover huge losses. When it comes to cyber attacks losses may involve millions of dollars. In addition, an attack will have negative impact on share price and the organization’s reputation. Investors call for better risk mitigation strategies, and Pandey have chosen to address this issue from an economic perspective.

Gather knowledge to prevent attacks

With several scenarios taken from real life, Pandey presents a type of financial market related to information security, where anyone with knowledge and interest about information security can contribute to and profit from protecting against attacks. This type of market is called Information security prediction market, and can be an effective method to collect and take advantage of information that would otherwise be spread. The market is open to participate in buying and selling a variety of information security derivatives, such as Options. The economic benefit of investments in information security risk management is estimated as the value of the reduction in the impact of an uncertain future event, such as a cyber attack. In this regard it is important to be able to predict the events and their potential impact. All stakeholders have high interest in an attack not occurring. They will thus work towards a common goal to protect, by selling any information they have about software vulnerabilities. That way everyone will have the opportunity to profit from knowledge sharing. If an organization were to be attacked, the stakeholders are so many that it is possible to cover even huge losses. The system thus has the potential to help businesses in cases where they otherwise might not have survived.

Pandey’s research can help to prevent cyber attacks from happening and to mitigate the adverse effects after they have happened.

The following committee has been appointed to evaluate his thesis, trial lecture and defense:

• First external opponent: Professor Dr. Wim Van Grembergen, Information Systems Management Group, University of Antwerp, Belgium.
• Second external opponent: Dr. Janne Hagen, Forsvarets forskningsinstitutt (FFI).
• Internal opponent and administrator for the assessment committee: Professor Dr. Stewart Kowalski, Faculty of Computer Science and Media Technology, NTNU in Gjøvik.
• Dean Nils Kalstad Svendsen led disputation.

Pankaj Pandey carried out his PhD work at the Faculty of Computer Science and Media Technology, NTNU and Faculty of Applied Economics, University of Antwerp. His supervisors were Professor Einar Snekkenes, Faculty of Computer Science and Media Technology, NTNU in Gjøvik and Professor Steven De Haes, Department of Applied Economics, University of Antwerp, Belgium.

Congratulations!

The title of her thesis is “Cryptographic Enforcement of Attribute-based Authentication” and the given topic for her trial lecture was “Security in cloud storage”.

There are currently a lot of cloud-based services, such as cloud storage, cloud computing and data outsourcing. Consider Dropbox, one of the most popular cloud storage applications via which users can create special folders on their computers and save files within. Later, users can access these files from elsewhere, like mobiles, iPads or other computers. In addition, users can share files saved in Dropbox folders with other people. Cloud users can also employ cloud resources to perform complicated calculations. When utilizing cloud facilities, on the one hand, cloud users wish to keep their data safe and undisclosed from other Internet users and even service providers. On the other hand, users may also need more fine-grained control over their data, for example in term of how the data can be accessed.

Attribute-based authentication

To better protect users’ privacy, attribute-based authentication (ABA) offers a more privacy-preserving means of authentication in different access control systems. ABA is an approach of authenticating users according to their attributes, including name, address, phone number and age. By using attributes in place of users’ identity information, ABA presents anonymous authentication, or more specifically, ABA enables keeping users anonymous from their authenticators. In addition, the property of least information leakage provides superior protection of users’ privacy over popular public key-based authentication approaches. This property makes it possible to apply attribute-based authentication schemes in privacy preserving scenarios, like, cloud-based applications.

Cryptographic implementations of ABA schemes

The main focus of this dissertation is to investigate on the cryptographic implementations of ABA schemes, or ways to construct different types of ABA schemes according to various security requirements. In a traceable ABA scheme, normal users cannot acquire any information about the identity of a signer given their signature, but a special authority is necessary to trace the signer’s identity. On the contrary, neither normal users nor authorities can reveal signers’ identities in an untraceable ABA scheme.

More flexible and fine-grained authentication

Based on these two types of basic ABA schemes, hierarchical schemes can be achieved in combination with a hierarchical structure of users or attributes. By using hierarchical ABA schemes, a more flexible and fine-grained authentication and access control approach feasible.

The following committee has been appointed to evaluate her thesis, trial lecture and defense:

• First opponent: Professor Valtteri Niemi, Department of Computer Science, University of Helsinki, Finland.
• Second opponent: Professor Chunming Rong, Faculty of Science and Technology, University of Stavanger.
• Professor Ole-Christoffer Granmo, Univeristy of Agder, was the administrator for the assessment committee.

Huihui Yang carried out her PhD work at the Faculty of Engineering and Science, Univeristy of Agder, Specialisation in Information- and Communication Technology (ICT). Her supervisor has been Professor Vladimir Oleshchuk, University of Agder, while co-supervisor has been Associate Professor Geir Køien, University of Agder.

Congratulations!

More than 70 people had registered, coming from all Swedish academic institutions that are active in Ph.D. training in the information security field. The spirit of the SWITS seminars encourages everyone to contribute with a presentation, leading to 35 talks within one and a half days. It gave a good impression of what is happening in IT security research in Sweden and of regional focus areas.

On the first day of the seminar, one of the three parallel workshop sessions was dedicated to cooperation between SWITS and COINS. We discussed research groups and the impact of the recently started IKTPLUSS projects on Ph.D. positions in Norway.

Of special interest to SWITS and COINS were:

• We again invite some SWITS students to join our COINS summer school. This year, the topic will be authentication.
• For 2017 we plan a joint SWITS/COINS Ph.D. seminar at Voksenåsen. It is a special place, dedicated from Norway to Sweden in gratitude for support during World War II. It will take place Thursday 8 June and Friday 9 June 2017. Save the date!

The seminar included a visit to the Military Aircraft Museum in Linköping where a dinner was held.

The title of his thesis is “Adaptive Security in the Internet of Things” and the given topic for his trial lecture was “Big Data and Information Privacy: Approaches towards measurable Privacy”.

Internet of Things (IoT) aims to connect various devices or things including sensors, software, electronics and other physical objects to collect and exchange data. This interconnection makes it a heterogeneous and dynamic ecosystem in which achieving security efficacy has become a challenging task and critical concern.

Conventional security controls and risk management models have a limited protection scope, and they implement fixed or static mitigation strategies. Therefore, they cannot address the dynamic threat, they do not address other runtime objectives, such as usability, and respond to threats manually that increases latency in risk mitigation. Aman focuses on adaptive security, which can be an effective tool to address threats in IoT as it can observe, analyze and react to them dynamically.

Aman’s thesis contributes an Event-driven Adaptive Security (EDAS) model for IoT. The model feasibility is assessed using a developed prototype and a scenario-based evaluation method that provide clear evidence that EDAS is an efficient solution for IoT Security.

The following committee has been appointed to evaluate his thesis, trial lecture and defense:

• First external opponent: Professor Pierangela Samarati, Universita`degli Studi di Milano, Italy.
• Second external opponent: Professor Josef Noll, UiO/UNIK – Universitetssenteret på Kjeller.
• Third external opponent: Associate Senior Lecturer Dr. Lothar Fritsch, Karlstads universitet, Faculty of Health, Science and Technology, Sweden.
• Professor Stephen Wolthusen, Faculty of Computer Science and Media Technology, NTNU in Gjøvik was the administrator for the assessment committee.
• Dean Nils Kalstad Svendsen led disputation.

Waqas Aman carried out his PhD work at the Faculty of Computer Science and Media Technology, NTNU. His principal supervisor was Professor Einar Snekkenes, NTNU in Gjøvik and co-supervisor was Senior Research Scientist Habtamu Abie, Norwegian Computing Centre (Norsk Regnesentral).

Congratulations!

Half of the US workforce is women and yet only 8-11% is in cybersecurity. So, to address the undeniable critical shortage of cybersecurity professionals in this country, it only makes sense to recruit from the other half …. to create opportunities and pathways such that more women can consider cybersecurity as a viable career option! Not to mention the power of diversity in solving complex challenges unique to this field. The WiCyS conference was created out of this common sense. WiCyS has become a community of opportunity/advice/answer seekers and providers, mentors and mentees, speakers and listeners, and most importantly, a community of peers.

COINS supported DijanaVukovic to attend the WICYS Women in Cybersecurity conference 2016 in Dallas. Here is her travel report.

COINS supported Antonio Gonzalez Burgueño to attend the ICISSP Doctoral Consortium 2016 in Rome. Here is his travel report.

COINS supported Seraj Fayyad to attend the HackCon 2016 conference in Oslo. Here is his travel report.

COINS supported Seraj Fayyad to attend the SECENTIS Winter School 2016 in Trento, Italy. Here is his travel report.

The title of his thesis is Continuous User Authentication and Identification: Combination of Security and Forensics.

It examines how to prevent unauthorized use of computers by using continuous authentication.

For most computer systems, once the user’s identity is verified at login, the system resources are available to that user until he/she locks the session. In fact, the system resources are available to any user during that period. This can lead to session hijacking, in which an attacker targets an open session, e.g. when the genuine user gets a cup of coffee, or leaves to talk to a colleague.

To avoid unauthorized use of a computer and its resources, a continuous check of the user’s identity is important. Continuous Authentication has built around the biometrics supplied by the user’s physical or behavioural characteristics and continuously checks the identity of the user throughout the session.

But once it is discovered that it is not the genuine user that is using the computer, it is important to be able to identify who the imposter is. Mondal is the first to look at the issue with identifying the imposter in this manner. He has contributed a dynamic model that is able to make a decision on the genuineness of the user after each single action performed by the current user, as well as an identification technique that has achieved good results.

The following committee has been appointed to evaluate his thesis, trial lecture and defense:

• First external opponent: Professor Issa Traore, University of Victoria, ECE Department, ISOT Lab, Canada.
• Second external opponent: Assistant Professor Luuk Spreeuwers, University of Twente, Faculty of EEMCS, The Netherlands.
• Internal opponent: Associate Professor Basel Katt, AIMT, NTNU. Substitute for Basel Katt on 24 February was Professor Slobodan Petrovic, AIMT, NTNU.
• Associate Professor Sule Yildirim-Yayilgan, AIMT/NISlab, NTNU was the administrator for the assessment committee.
• Dean Nils Kalstad Svendsen led disputation.

Soumik Mondal carried out his PhD work at the Faculty of Computer Science and Media Technology, NTNU. His supervisor has been Professor Patrick Bours, NTNU, while co-supervisor has been Professor Christophe Rosenberger, ENSICAEN, France.

Congratulations!

Took place in June 15th-16th in Oslo, Norway, where participants got to experience world-class speakers like Raj Samani, Rik Fergusson and Ramsés Gallego, a fantastic three-track program, lots of perks and extras, and a hard-hitting rock-festival-party in the evening!

Some of the highlights of the program was: Jim Reavis, the CEO of Cloud Security Alliance gave a keynote on cloud security. The Cumulus-Project run a half-day workshop on certification of clouds services. A full-day track of e-health and government in joint-operation with IKT-Norge.

COINS supported Vivek Agrawal to attend the Cloud Security Alliance 2015 conference in Oslo. Here is his travel report.

Martin Aastrup Olsen successfully completed his PhD trial lecture and thesis defense at the Gjøvik University Collage on Thursday, the 17th of December 2015 and will be awarded the degree of Doctor of Philosophy.

The title of his thesis is “Fingerprint Image Quality ”.

It focuses on increasing ease of use, speed and reliability of systems for recognition of fingerprints on mobile, electronic ID cards and passports.

Biometric systems and specifically fingerprint recognition has been widely used in recent years, both in mobile and through increased use of electronic border controls and national IDs. It is critically important that the quality of the biometric information registered in the system are of the highest possible quality. With high quality minimizing one risk of getting fake discrepancies when comparing findings with data recorded. Among other things, the level of humidity in the fingerprint influence the final biometric performance, this is something Olsen has studied more closely.

In his thesis, Olsen rated quality assessment algorithms against known current algorithms, and has also conducted a survey of how skin moisture affects biometric performance. The research has resulted in a better understanding of the influence of environmental factors on biometric recognition, as well as a new dataset which supports research on the detection and reconstruction of the fingerprint images of low quality.

The following committee has been appointed to evaluate his thesis, trial lecture and defense:

• First Opponent: Prof. Dr. Javier Ortega-Garcia, Biometric Recognition Group, Escuela Politécnica Superior, Universidad Autonoma de Madrid, Spain.
• Other Opponent: Prof. Dr. Rasmus Larsen, Technical University of Denmark, DTU Informatics.
• Internal opponent: Prof. Dr. Laura Georg, Norwegian Information Security Laboratory (NISlab), IMT, GUC.
• Chairman of the Committee: Prof. Dr. Stephen Wolthusen, NISlab, IMT, GUC.
• Dean Nils Kalstad Svendsen led disputation.

Martin Aastrup Olsen carried out his PhD work at the Department of Computer Science and Media Technology , Gjøvik University College. His supervisor has been Professor Christoph Busch, while co-supervisor was professor Patrick Bours, both from Gjøvik University College.

Congratulations!

Mohsen Toorani successfully completed his PhD thesis defense at the University of Bergen on Monday, the 14th of December 2015 and will be awarded the degree of Doctor of Philosophy.

The title of his thesis is “Security protocols and related topics ”.

The following committee has been appointed to evaluate his thesis and defense:

• Pedro Peris-Lopez, Carlos III University of Madrid
• Stig Frode Mjølsnes, NTNU
• Håvard Raddum, Simula Research Laboratory

Mohsen Toorani successfully completed his trial lecture on Monday, the 16th of November 2015 and the given topic for his trial lecture was “Interactive Information Theory”.

Mohsen Toorani carried out his PhD work at the Department of Informatics, University of Bergen. His main supervisors were Professor Øyvind Ytrehus  and Professor Tor Helleseth, University of Bergen..

Congratulations!

NISK brought together people working in ICT security mainly from the national community, but also from the international community.

COINS student members participated in NISK.

Here are their pictures and reflection reports.

• Andrii Shalaginov

• Yi-Ching Liao

The title of his thesis is “Software-defined networking architecture framework for multi-tenant cloud environments enterprise”.

The Information and Communications Technology (ICT) infrastructure of a large-scale enterprise consists of a wide variety of computing, storage, and networking hardware and software. The demand for new services and business models is growing rapidly; however, traditional operating mechanisms and computing models can not cope with the trend.

Particularly, network infrastructure and services are complex and hard to manage. The reasons are various, including rudimentary interfaces and vertically integrated networking planes. The situation is more critical when network resources are off-premises. These resources have limited functionality, while offering less control.

The contribution of this thesis is twofold. First, several architectural improvements are proposed for network monitoring services. These proposals take advantage of the data-intensive computing model and SDN mechanisms to advance the state-of-the-art in monitoring backbone and data center networks. Second, various components of an SDN architecture framework are designed that enhance the efficacy, reliability, and manageability of a large-scale cloud infrastructure. The enhancements are particularly made to network virtualization techniques, which are the critical building blocks in the cloud service delivery.

The following committee has been appointed to evaluate his thesis, trial lecture and defense:

• Professor Javier Lopez, University of Malaga, Spain
• Associate Professor Yan Zhang, University of Oslo
• Associate Professor Terje Kårstad, University of Stavanger, had been appointed as the administrator of the assessment committee.

Aryan TaheriMonfared carried out his PhD work at the Department of Electrical Engineering and Computer Science, University of Stavanger. His main supervisor was Professor Chunming Rong.

Congratulations!

Antorweep Chakravorty successfully completed his trial lecture and PhD thesis defense at the University of Stavanger and will be awarded the degree of Doctor of Philosophy.

The title of his thesis is “Privacy preserving analytics on large scale data from smart homes”.

Antorweep Chakravorty carried out his PhD work at the Department of Electrical Engineering and Computer Science, University of Stavanger. His main supervisor was Professor Chunming Rong.

Congratulations!

Samson Gejibo successfully completed his trial lecture and PhD thesis defense at the University of Bergen on Thursday, November 5th, 2015 and will be awarded the degree of Doctor of Philosophy.

The title of his thesis is “Towards a Secure Framework for mHealth: A Case Study in Mobile Data Collection Systems”.

The following committee has been appointed to evaluate his thesis, trial lecture and defense:

• Associate Professor Bruce MacLeod, University of Southern Maine
• Dr. Patricia N. Mechael,  HealthEnabled
• Associate Professor Uwe Egbert Wolter, University of Bergen

Samson Gejibo carried out his PhD work at the Department of Infomratics, University of Bergen. His supervisors were Associate Professor Khalid Azim Mughal and Adjunct Associate Professor Federico Mancini.

Congratulations!

The conferences were co-located with the COINS Ph.D. student seminar.

Here are their pictures and reflection reports.

• Andrii Shalaginov

• Dijana Vukovic

• Ambika Shrestha Chitrakar

• Huihui Yang

• Britta Hale

• Leonardo Iwaya

• Tetiana Yarygina

• Håkon Gunleifsen
• Stian Fauskanger

The title of her thesis is “Understanding information security incident management practices: A case study in the electric power industry” and the given topic for her trial lecture was “Vehicular network security”.

The following committee has been appointed to evaluate her thesis, trial lecture and defence:

• Prof. Simone Fischer-Hübner, Karlstad University
• Dr. Klaus Kursawe, European Network for Cyber Security, The Hague
• Prof. Finn Arve Aagesen, Department of Telematics, NTNU

Prof. Finn Arve Aagesen, Department of Telematics, NTNU, had been appointed as the administrator of the assessment committee.

Maria Bartnes Line carried out her PhD work at the Department of Telematics, NTNU. Her main supervisor was Prof. Poul E. Heegaard.

Congratulations!

Agenda

Sunday 18/10-2015, KTH main campus Valhallavägen, building Osquars Backe 2, 5th floor, room 1537 – be there on time as the building is locked that day

0930-1000 Welcome, introduction, presentation of COINS+SWITS participants
1000-1130 Working groups, e.g. a) COINS/SWITS team for hack.lu CTF Tuesday/Wednesday, b) Student proposals for how to integrate 20 new students in COINS in 2016, c) Research collaboration based on topics, …
1130-1200 Presentation of working groups results

1200-1300 Lunch [Bullens catering]

1300-1345 From Ph.D. to industry [Ebenezer Paintsil]
1345-1430 E-health security [Mohamed Abomhara, Samson Gejibo, Leonardo Iwaya]

1430-1500 Coffee/cake [Bullens catering]

1500-1600 Panel discussion – ask the professor/professional
1600-1645 Computational forensics [Andrii Shalaginov, Ambika Chitrakar]

1645-1700 Break

1700-1830 Simulated Ph.D. defence [Samson Gejibo + committee]

2000 Dinner at King Tan, Sveavägen 47

Monday 19/10-2015, KTH main campus Valhallavägen, building Osquars Backe 2, 5th floor, room 1537

0930-1000 COINS+SWITS activities in 2016/2017
1000-1030 Election of COINS student representatives
1030-1045 Coffee break [Sandwiches, coffee]
1045-1115 Halfway to Ph.D.? What will happen next? [Oleksandr Kazymyrov]
1115-1130 Closing, ideas on how to give the new COINS students a good start in 2016
(In parallel: 1030-1200 COINS Academic Advisory Board meeting in room 4531 on same floor)

1130-1300 Lunch

1300 NordSec starts with keynote by Eugene H. Spafford from Purdue University on “Rethinking Cyber Security”

To register, fill in an application for funding (type of support: “Ph.D. student seminar”).
Please note that you can stay on in Stockholm for NordSec and CySeP, too.

Logistics

The seminar will take place at KTH on Sunday and Monday. NordSec will start at the same place on Monday after lunch. It is up to you where you book your accommodation. NordSec has some recommended places on the conference homepage.

COINS students get coverage for travel (least expensive practical alternative t/r Stockholm) and accommodation (COINS, NordSec, CySeP). Students without a regular paper, i.e. none or a poster, get coverage for the NordSec conference fee; authors of full papers should get funding for the conference fee from their department. CySeP participation is covered.
NordSec/CySeP: You need to wear your COINS t-shirt and/or hoodie and upload a picture of you wearing it at the conference. You need to submit a 2 page travel report on your participation that can be shared with other COINS students and can be published on the COINS website after the event. If you present a poster at either NordSec or CySeP, you send us a picture of you presenting the poster with a COINS logo instead of a travel report.

COINS supervisors get coverage for travel (least expensive practical alternative t/r Stockholm) and accommodation. COINS does not pay for supervisor attendance or participation at NordSec, but you are welcome to book your flight so that you can attend NordSec with your own funding.

SWITS and MyPhD students and Ph.D. students from COINS partners get coverage for travel (least expensive practical alternative t/r Stockholm) and accommodation. COINS does not pay for attendance or participation at NordSec, but you are welcome to book your flight so that you can attend NordSec with alternative funding.
COINS does pay additionally for accommodation and NordSec (or CySeP) attendance for students that attend both the COINS seminar and NordSec (or CySeP), present a poster, wear a COINS t-shirt throughout the NordSec conference, acknowledge COINS funding on their poster and document their contribution by two photos of them taken at the conference and by writing a one page report on their seminar participation that can be published.

All inquiries can be sent to info@coinsrs.no.

ECTS credits

Participating COINS Ph.D. can obtain ECTS credits that might be used towards the taught component of their Ph.D. programme.

Students need to enrol in “IMT6004 COINS Workshop” at HiG to be formally allowed to get ECTS credits according to the requirements in the course description.

Please indicate in your application for funding or by email to info@coinsrs.no if you are interested in enrolling in IMT6004. Students get a transcript from HiG documenting their participation and then need to present it to their local COINS member institution. All consortium members agreed that participation in IMT6004 would be recognised as being eligible for consideration towards the taught component of the Ph.D. programmes.

Here are the reflection reports:

• Mohamed Ali Saleh Abomhara
• Andrii Shalaginov

• ISC2015_report by Tetiana Yarygina

• ISC2015 report by Håkon Gunleifsen

• ISC2015 report by Martin Strand
• ISC2015 report by Yi-Ching Liao

Evaluation Committee:

• Associate Professor Johan Peder Hansen from Department of Mathematics at Aarhus University (1st opponent)
• Maître Assistant Relinda Jurrius from Institut de mathématiques at the University of Neuchatel, Switzerland (2nd opponent)
• Professor Boris Kruglikov, Department of Mathematics and Statistics at the University of Tromsø – Norway’s Arctic University (internal member and committee chairman)

Supervisor:

• Professor Trygve Johnsen, Department of Mathematics and Statistics, Faculty of Science and Technology

Head of disputation:

• Dean Morten Hald, Faculty of Science and Technology

Congratulations!

The topic of the summer school – cloud security – was chosen by poll among COINS students. The programme committee consisted of Ijlal Loutfi, Patrick Bours, and Hanno Langweg.

Six invited lecturers, twelve students, and two supervisors contributed to the programme. The topics of the lectures were:

• Andrei Costin: Security of Network Monitoring Systems (NMS) for Cloud and HPC. Hands-on assessment, analysis and countermeasures.
• Kaniz Fatema: Privacy in cloud environment
• Daniel Hedin: Cloud Application Security
• Zhiqiang Lin: Everything You Need to Know about VMI
• Sandra Scott-Hayward: SDN Security
• Sachin Shetty: Moving Target Defense and End-to-End Defense against Kernel Rootkits in a Cloud Environment

Most of the participants had used the opportunity to pay a visit to ENISA in Athens on the way to the summer school on the island.

Date and topic for the COINS summer school in 2016 will be determined early next year.

A bold idea is to have a COINS student defend his or her thesis during the summer school next year.

• An example of summer school report and ENISA visit by Andrii Shalaginov.
• An example of summer school report and ENISA visit by Nabeel Albahbooh.
• An example of summer school report by Mohamed Ali Saleh Abomhara.

We were welcomed by Vangelis Ouzounis, the Head of Unit Critical Information Protection. Despite the August holiday season in Greece, many of ENISA’s expert staff was on site and discussed hot topics in information security with us: securing cloud, smart cities, training and cybersecurity challenge, and cyber crisis cooperation. We had intensive discussions in the group as well as in one on one meetings. Hanno Langweg, Scientific Director of COINS, gave a presentation of COINS to ENISA.

Thanks for welcoming us in Athens and hosting us! It was a pleasure to be there and it made a lasting impression on students.

The title of her thesis is “Multivariate public key cryptosystems produced by quasigroups” and the given topic for her trial lecture was “What is a quantum computer and what are the relations to cryptology?”.

The following committee had been appointed to evaluate her thesis, trial lecture and defence:

• Prof. Carlos Frederico Cid, University of London
• Prof. Ales Dràpal, Charles University of Prague
• Prof. Stig Frode Mjølsnes, Department of Telematics, NTNU
• Prof. Stig Frode Mjølsnes, Department of Telematics, NTNU, had been appointed as the administrator of the assessment committee.

Simona Samardjiska carried out her PhD work at the Department of Telematics, NTNU. Her main supervisor was Prof. Danilo Gligoroski.

Congratulations!

The outer ear is an emerging biometric trait that has drawn the attention of the research community for more than a decade. The unique structure of the auricle is long known among forensic scientists and has been used for the identification of suspects in many cases. The next logical step towards a broader application of ear biometrics is to create automatic ear recognition systems.

This work focuses on the usage of texture (2D) and depth (3D) data for improving the performance of ear recognition. It compares ear recognition systems using either texture or depth data with respect to segmentation and recognition accuracy, but also in the context of robustness to pose variations, signal degradation and throughput.

The proposed ear recognition system is integrated into a demonstrator system as a part of a novel identification system for forensics. The system is benchmarked against a number of different datasets that comprise of 3D head models, mugshots and CCTV videos from four different perspectives. As a result of this work, limitations of current ear recognition systems are outlined and possible directions for future applied research are provided.

Congratulations!

SWITS organised its annual seminar for the 15th time. It is held in a different place in Sweden each year, and this year it took place close to Västerås. 65 people from 18 institutions attended.

The first day started with an introduction of all IT security research groups in Sweden. Every group got some minutes to present its people, research focus etc. COINS was also given the possibility to present. Most of the remaining time was spent in sessions where PhD. students presented their research and status of their Ph.D. Presentations usually lasted 15 minutes each, including feedback and discussion. Presentations were grouped by topics, e.g. there were sessions on privacy, network security, information flow control etc.

In the afternoon of the first day, the audience split up into different working groups. One working group discussed cooperation between SWITS and COINS. We concluded with several ideas that we want to implement this year:

• Invite SWITS students to the COINS summer school on cloud security in Metochi in August. Daniel Hedin from SWITS is one of the lecturers.
• Invite SWITS students to the COINS Ph.D. student seminar in Stockholm 18-19 October 2015, sponsor travel+accommodation.
• For the week after the Ph.D. student seminar, and in parallel with NordSec, we envision to form a SWITS/COINS team with Ph.D. and master students to participate in the hack.lu CTF competition. An idea to have a team of professors in addition was dropped.
• A bold idea is to have a SWITS seminar in Norway instead of Sweden some time in the future, maybe as early as 2017.

After the formal programme, all participants were invited to the Sala Silver Mine with a long history.

The second day continued with student presentations and an invited talk by a representative of MSB (Swedish Civil Contingencis Agency), the sponsor providing financial support to the SWITS seminar.

The ACM Special Interest Group for Security Audit and Control (SIGSAC) had requested nominations for this year’s SIGSAC Doctoral Dissertation Award for Outstanding PhD Thesis in Computer and Information Security. This annual award by SIGSAC recognizes excellent research by doctoral candidates in the field of computer and information security. The SIGSAC Doctoral Dissertation Award winner and up to two runners-up will be recognized at the ACM CCS conference. The award winner will receive a plaque, a $1,500 honorarium and a complimentary registration to the current year’s ACM CCS Conference. The runners-up each will receive a plaque.

COINS wishes Nils Ulltveit-Moe luck in the further stages of the selection process.

Students: Answer her poll on http://foodl.org/foodle/COINS-Design-Change-54f47 and email your suggestions to Britta.

(The picture shows the current 2013 version of t-shirts.)

In the past two decades, as a result of the advancement in quantum algorithms, the crypto community showed increasing interest in algorithms that would be potentially secure in the post quantum world. One of the possible alternatives are Multivariate Quadratic (MQ) public key cryptosystems based on the NP-hard problem of solving quadratic polynomial systems of equations over finite fields.Many different MQ schemes emerged over the years, most of which fall into two main categories – single field schemes, including UOV, Rainbow, STS, the MQQ family of cryptosystems, and mixed field schemes including C*, SFLASH, HFE. Unfortunately, most of them have been successfully cryptanalysed using three major types of attacks:
– MinRank attacks – based on the problem of finding a low rank linear combination of matrices;
– Equivalent Keys attacks – based on finding an equivalent key for the respective scheme.
– Differential attacks – based on specific invariants of the differential of a given public key.

The seminar concentrated on the MinRank attacks and Equivalent Keys attacks on single-field MQ schemes. After an introduction in the topic, the focus was focus on:
– The new attack on the MQQ family of cryptosystems, that will be presented at PKC 2015. The MQQ family of cryptosystems (the name coming from Multivariate Quadratic Quasigroups being used in the design) show especially good performance properties. In particular, the MQQ-SIG signature scheme is the fastest scheme in the ECRYPT benchmarking of cryptographic systems (eBACS). We show that both the signature scheme MQQ-SIG and the encryption scheme MQQ-ENC, although using different types of MQQs, share a common algebraic structure that introduces a weakness in both schemes. We use this weakness to mount a successful polynomial time key-recovery attack that finds an equivalent key. Our theoretical results work in characteristic 2 which is known to be the most difficult case to address in theory for MinRank attacks. Futher, the attack can be applied to any MQ scheme, that exibits linear subspaces. From a practical point of view, we are able to break an MQQ-SIG instance of 80 bits security in less than 2 days, and MQQ-ENC instances of 128 bits security in little bit over 9 days.
– The generalization of the attack on other schemes in MQ cryptography. We will show how this attack extends to a new general framework for the security of MQ schemes with respect to attacks that exploit the existence of linear subspaces. For the purpose, we have adopted the linearity measures that have been used traditionally to estimate the security of symmetric cryptographic primitives, namely, the nonlinearity measure for vectorial functions introduced by Nyberg, and the (s, t)-linearity measure introduced recently by Boura and Canteaut. We redefine some properties of MQ cryptosystems in terms of these known symmetric cryptography notions, and show that our new framework is a compact generalization of several known attacks in MQ cryptography against single field schemes. We use the framework to explain various pitfalls regarding the successfulness of these attacks. Finally, we argue that linearity can be used as a solid measure for the susceptibility of MQ schemes to these attacks, and also as a necessary tool for prudent design practice in MQ cryptography.

Why it is necessary to have a women’s conference is to recruit women to the security industry – both in terms of education and to seek exciting jobs in an industry that will be of great importance in the future (digitization of our society). The conference is to ensure diversity and balance in this industry. To create an arena where women can gather – such as with Security Divas – should also motivate, engage and inspire more women to participate in this industry.

COINS supported Ambika Chitrakar and Yi-Ching Liao to participate in Security Divas.

There are many services nowadays that require secure transmission of large amounts of data. For that purpose special algorithms for symmetric cryptography are used. Such types of cryptographic primitives were scrutinized in the thesis. The focus of the research was on block ciphers, stream ciphers, hash functions and the components they are built of. The thesis proposes several methods to assess the reliability of cryptographic algorithms against a variety of modern attacks. It also proposes several criteria to improve resistance ratio. A piece of software was developed as a proof of concept of the theoretically achieved results. The block cipher and the hash function developed in the research will be implemented in the Ukrainian natioal standards from 2015.

Oleksandr Kazymyrov was born in Ukraine in 1987. He studied information security at Kharkiv National University of Radio Electronics in 2005-2009, and received master’s degree in information security in computer systems and networks in 2010. The doctoral work, begun in 2011, has been performed at the Department of Informatics at the University of Bergen.

Many of the competitors had experience from earlier competitions. At the COINS Ph.D. student seminar last week, the COINS team decided to take part without any special preparation. They finished among the top 50% of all teams. Owing to extensive research project obligations, most team members could only dedicate time in the beginning of the two-day competition. The COINS team reflected the distributed nature of COINS with students being based in four locations (Gjøvik, Grimstad, Oslo, and Trondheim) and communicating by text messaging and video conference.

Congratulations, Ambika, Andrii, Chris, Huihui, Ijlal, Vivek, and Yi-Ching!

Slides from the presentation.

In digital communication data is represented with ones and zeros (binary form). Binary sequences that have good properties are essential to increase robustness and reduce likelihood of errors in modern communication systems. Whole family of binary sequences with good mutual “correlation properties” is used in modern CDMA systems. Such sequences can also be used to construct error correcting codes. They correct errors that occur during transmission (or storage) of data that is susceptible to noise. The binary sequences also have many important applications in cryptography and are therefore of great importance for achieving secure and reliable communications.

A fundamental problem is to construct families of good sequences. A method for constructing both sequence families, error correcting codes and cryptographic systems, with desired properties is by using non-linear functions. The thesis studies special classes of “perfect” (PN) or “almost perfect” (APN) non-linear functions and shows how these features can be used to create new sequence families and classes of codes with optimal error correcting properties. A mathematical analysis of the new sequence families and codes which were constructed in the study shows promising results.

Congratulations!

The third day was devoted to investigation the advantages/disadvantages of multi-core systems. In particular, it was shown that many cores on a lower speed will execute tasks with less power consumption than a single one. Some limitations on the efficiency and cache size were given. Then, Rich Caruana from Microsoft presented an extensive study of different ML models including ensemble classifiers with boosting and bagging. The accuracy of huge number of different combinations of classifiers and datasets were given. Also Deep Learning was investigated in terms of efficiency and model complexity. It was concluded that there is no need to build complex models in order to achieve better and faster results. In fact the model compression is a trade-off. The day was finished by the streams framework explanations together with useful examples of usage. The fourth day consisted of application of ML for astroparticle detectors using Android phones first and then simulating it on the Streams framework.

The main outcome from attending the summer school for me is in the broad understanding the data streams mining and corresponding mechanisms for parallel optimization in Machine Learning. Also a view on model compression in Neural Networks for Big Data was uniquely useful. The attendance was beneficial since I have got multiple ideas for my current work on access control as a data streams mining problem. Moreover, networking was important as well as bringing new international connections. Finally, people wonder a lot about the COINS research school because of t-short, yet nobody knew that it exists.

(Note that order of presentations might change)

Monday, 13th of October 2014 (location: UiT, Nedre lysthus, Auditorium)

• 1200-1300 Lunch [served at cafeteria Teorifagsbygget]
• 1300-1315 Welcome to COINS Ph.D. Student Seminar 2014 [Ragnar Soleng]
• 1315-1400 Session 1: Speed dating [chair: Slobodan Petrovic]
• 1400-1510 Session 2: Long+short presentations by students [chair: Vladimir Oleshchuk]
  Yi-Ching Liao (HiG, IMT6004): Process tracking for forensic readiness
  Edgar Lopez-Rojas (BTH): Using financial synthetic data sets for fraud detection research
  Leonardo Iwaya (Karlstad University): Security aspects in mobile health technologies, Usable polices for Access Control Systems
  Martin Brodin (Skövde): Information security management for mobile devices in public and private organizations
  Gaute Wangen (HiG): Conflicting Incentives Risk Analysis
• 1510-1550 Break
• 1550-1710 Session 3: Long+short presentations by students [chair: Gaute Wangen]
  Andrii Shalaginov (HiG, IMT6004): Data-stream Mining for Rule-based Access Control
  Ijlal Loutfi (UiO): Identity Management as a Service
  Pablo Buiras (Chalmers): On dynamic flow-sensitive floating-label systems
  Zeeshan Afzal (KAU): Development & evaluation of a wireless IDS
  Huihui Yang (UiA): Formal Analysis about Security Requirements of a Group Authentication Protocol by Scyther
  Artem Voronkov (Karlstad University): Trustworthy system operations
• 1710-1720 Break
• 1720-1800 Session 4: Experience presentation
  Nils Ulltveit-Moe (UiA): My Experience doing a PhD

[chair: Andrii Shalaginov]

•  2000-2200 Social event

Egons Restaurant, Storgata 50

Tuesday, 14th of October 2014 (location: UiT, Fiskerihøgskolen, Lille Auditorium E102)

• 0915-1010 Session 5: Short presentations by students [chair: Hanno Langweg]
  Mathias Ekstedt (KTH): The cyber security modeling language and cyber security research at department for Industrial Information and Control Systems
  Chris Carr (NTNU): Homomorphic Encryption and our current research
  Germain Jolly (ENSICAEN): Software Evaluation of smart cards : Detection of abnormal behavior of a smart card application
  Bart van Delft (Chalmers): Very static enforcement of dynamic policies
• 1010-1020 Break
• 1020-1100 Session 6: Working groups – short-term stays
• 1100-1110 Break
• 1110-1200 Session 7: Long+short presentations by students [chair: Huihui Yang]
  Pankaj Pandey (HiG): Using Prediction Markets to Hedge Information Security Risks
  Tetiana Yarigyna (UiB): Client-side SSL certificate validation
  Dat Le Tien (UiO): Distributed and secure social network application using identity-based cryptography and free cloud storage service
  Ambika Chitrakar (HiG): Approximate search techniques for big data analysis
• 1200-1300 Lunch [served at cafeteria Teorifagsbygget]
• 1315-1430 Session 8: Simulated Ph.D. defense [chair: Chris Carr]
  Oleksandr Kazymyrov: “Methods and Tools for Analysis of Symmetric Cryptographic Primitives”; Opponents: Slobodan Petrovic and Vladimir Oleshchuk
• 1430-1440 Break
• 1440-1530 Session 9: Long+short presentations [chair: Tetiana Yarygina]
  Vivek Agrawal (HiG, IMT6004): Security and privacy issues in wireless sensor networks for healthcare
  Dijana Vukovic (NTNU): Improvement proposal for the CryptoCloak application
  Stian Fauskanger (UiB): DES S-box 4 is not like the others
  Simona Samardjiska (NTNU): Linearity Measures for MQ Cryptography
• 1530-1600 Election of student representatives
• 1600-1615 Break
• 1615-1730 Session 10: Panel discussion – ask the professor [chair: Simona Samardjiska]
• 2000-2200 Social event, awards, diplomas, prizes

Skarven Vertshus, Arctandria Sjømatrestaurant, Strandtorget 1

Wednesday, 15th of October 2014 (location: Quality Hotel Saga)

• 0915-1015 Session 11: Working groups – course portfolio, COINS/SWITS cooperation
• 1015-1030 Break
• 1030-1200 Session 12: Invited expert – Robert Frederking, Associate Dean for Graduate Education, School of Computer Science, Carnegie Mellon University, shares his experience on how Ph.D. programmes work in CMU/SCS
• 1200-1215 Break
• 1215-1300 COINS Research School of Computer and Information Security – Closing, outlook
• 1300-1400 Lunch
• (1500-1700 COINS Academic Advisory Board meeting)
• 1600 Opening of the NordSec conference (same place)

The seminar is over and registration is closed. The information below is kept for archival purposes. Thanks to everybody who contributed to the seminar.

Logistics

The seminar will take place at UiT on Monday and Tuesday, and at Quality Hotel Saga on Wednesday. NordSec will start at the same place on Wednesday. It is up to you where you book your accommodation. If you want to stay for NordSec, you probably want to book accommodation at Saga.

COINS students get coverage for travel (least expensive practical alternative t/r Tromsø) and accommodation (COINS+NordSec). Students without a regular paper, i.e. none or a poster, get coverage for the NordSec conference fee; authors of full papers should get funding for the conference fee from their department.

COINS supervisors get coverage for travel (least expensive practical alternative t/r Tromsø) and accommodation. COINS does not pay for supervisor attendance or participation at NordSec, but you are welcome to book your flight so that you can attend NordSec with your own funding.

SWITS and MyPhD students get coverage for travel (least expensive practical alternative t/r Tromsø) and accommodation. Total support is limited to 5,000 NOK per student. COINS does not pay for attendance or participation at NordSec, but you are welcome to book your flight so that you can attend NordSec with alternative funding.
COINS does pay additionally for accommodation and NordSec attendance for students that attend both the COINS seminar and NordSec, present a poster, wear a COINS t-shirt throughout the NordSec conference, acknowledge COINS funding on their poster and document their contribution by two photos of them taken at the conference and by writing a one page report on their seminar participation.

All inquiries can be sent to info@coinsrs.no.

ECTS credits

Participating COINS Ph.D. students might be eligible for getting ECTS credits that can be used towards the taught component of their Ph.D. programme.

HiG students need to enrol in “IMT6004 COINS Workshop” to be formally allowed to get ECTS credits according to the requirements in the course description.

Students from other COINS member institutions that do not yet offer a local course code could negotiate individual recognition based on an individual agreement. (And should ask their local COINS contact when local course codes become available.)

We will increase international awareness of COINS as a research school and as a portal to Ph.D. training in information security in Norway. The Ph.D. movie sequel is expected to be watched by candidates for Ph.D. positions as well as by current Ph.D. students and faculty alike.

SWITS organised its annual seminar for the 14th time. It is held in a different place in Sweden each year, and this year it took place in Uppsala.

The first day started with an introduction of all IT security research groups in Sweden. Every group got three minutes to present its people, research focus etc. COINS was also given the possibility to present. Most of the remaining time was spent in nine sessions of two to four PhD. students presenting their research and status of their Ph.D. Presentations lasted 15 minutes each, including feedback and discussion. Presentations were grouped by topics, e.g. there was a session on information flow security, one on vehicular security etc.

In the afternoon of the first day, the audience split up into different working groups. One working group discussed cooperation between SWITS and COINS. We concluded with several ideas that we want to implement this year:

• Have a poster session at NordSec in Tromsø with many posters from COINS and SWITS students.
• Invite SWITS students to the COINS Ph.D. student seminar 13-15 October 2014, sponsor travel+accommodation, and organise student presentations as a mini-conference. With the mini-conference style, students could explore the work of a programme committee and the peer review process. The goal is to have a low threshold to presentation with (almost) 100% acceptance rate.
• For senior faculty/supervisors and also for Ph.D. students we intend to organise a workshop/session on Ph.D. supervision in information security. The goal is to exchange experience, and to share what works and what does not – both from the perspective of supervisors and supervised.
• For the week following the Ph.D. student seminar and NordSec, we envision to participate in the hack.lu CTF competition with a joint SWITS/COINS team.
• Potential lecturers from SWITS could already consider contributing to the COINS summer school planned for 2015.

After the formal programme, all participants were introduced to Uppsala’s history by Carl von Linne. The tour focused on the academic history of Uppsala, featuring the oldest university in Scandinavia.

The second day continued with student presentations and an invited talk by a representative of MSB (Swedish Civil Contingencis Agency), the sponsor providing financial support to the SWITS seminar.

Next year’s SWITS seminar will probably be organized in Västerås by Mälardalen University.

Data surveillance techniques can be problematic from a privacy perspective, even if the intentions behind the surveillance might be commendable.

Surveillance of computer systems is often used to identify cyber attacks, identify violation to internal IT policies or to perform data retention according to legal requirements.

One of the main problems is that surveillance frequently lacks transparency concerning what indeed is being monitored, who have access to this information, and if side information from the surveillance can be used for other purposes than planned. In addition, information about what is being monitored by computer security companies is usually kept secret for business reasons. Another reason is that information about what is being monitored also may hurt the security of the company if attackers learn which strategies that are being used against cyber attacks.

For some businesses, especially critical infrastructures like health institutions, power grids and transport systems, it is still important to know what kind of information that is being monitored, and make sure that person sensitive or confidential information to as small as possible degree leaks to organisations performing monitoring of computer networks, especially when such operation is being outsourced. This often causes a dilemma between the need for protecting sensitive information and efficient methods for detecting computer attacks.

The dissertation amongst others describes a method for reversible anonymisation of sensitive information from computer monitoring systems, a privacy leakage metric based on Shannon entropy, and how these techniques can be used together in an improvement process which reduces leakage of sensitive information over time.

The research is being continued in the EU-projects PRECYSE and SEMIAH.

PRECYSE is a security project which is researching methods for protecting critical infrastructures against cyber attacks.

SEMIAH, which started 1. march 2014, is developing a secure and privacy friendly infrastructure for virtual power plants, which make profit from matching power consumption with production of renewable energy by moving power consumption in time.

Biography

Nils Ulltveit-Moe is from Moe in Gjerstad municipality in Aust-Agder, Norway. He got a bachelor degree in Telematics from Agder Ingeniør- and Distriktshøgskole (now University of Agder) in 1988 and master in Information Technology from Høgskolesenteret i Rogaland (now University of Stavanger) in 1990. He has worked as software developer for Ericsson and has later worked with computer security for Proseq AS which now is acquired by Telenor Security Operations Center.

He has been assistant professor at UiA since 1998, and has previously participated in the EU project EIAO which did research on large-scale automatic measuring of accessibility to web pages for disabled people. He has since 2009 worked with a PhD related to privacy-enhanced network monitoring, and does now work as assistant professor and work package leader for the EU projects PRECYSE and SEMIAH.

The PhD work is supported by Telenor, the PRECYSE project with contract number FP7-SEC-2012-1-285181 (www.precyse.eu) and UiA.

Only pictures submitted by a COINS member with a COINS t-shirt count. If you do not have your COINS t-shirt yet, drop me a note indicating your preferred shirt size. We have blue, dark blue, and red shirts. Availability varies.

Attending Finse? Giving a conference presentation? Travelling to a special destination? Wear your COINS t-shirt, get a picture taken, upload, have fun and win.

Security Divas is an information security conference with and for women that work with information security and ICT. The conference took place 16th and 17th of January at Strand Hotell in Gjøvik, and had remarkable female presenters in information security. One of them was Yi-Ching Liao, COINS student member, with a talk on security incident investigation.

Main topics of the conference were a description of the threat situation, handling of and examples of incidents and challenges related to reporting of events.

Berglind Smaradottir, COINS student member, said: “It was a nice event that gathered over 100 ladies working with information security. The topics at the conference covered aspects of information security in society. The conference gave many possibilities for networking and as a Ph.D. research fellow I established contact with other researchers that provided me with information on relevant research conferences in security. Thanks for the funding from COINS for the conference Security Divas.”

The paper written by Waqas Aman (picture on the right) who was supervised by Einar Snekkenes on “An Empirical Research on InfoSec Risk Management in IoT-based eHealth” won the best paper award.

The picture on the left shows professor Einar Snekkenes, Waqas Aman’s co-author of the paper.

The paper can be found here.

COINS congratulates on the achievement.

The board provided two recommendations for COINS:

• Demand for high competence in information security is high both in the public sector and in industry. COINS is hence considered to be an important instrument to contribute to build up such competence. It is of concern that a large number of Ph.D. students are from foreign countries as many positions in the field can require security clearance. It is important that students are made aware of this challenge towards employment opportunities in Norway.
• Industry needs to be made more aware of the Industrial Ph.D. instrument of the Research Council of Norway. The proposed COINS Student Researcher Grant looks promising and information about it should be distributed to all FRISC members.

The first day was held at Rica Forum Hotel in Stavanger immediately after the closing of NISK. Focus for the first day was to discuss goals of COINS and how COINS can contribute to better Ph.D. training from the students’ perspective. A panel discussion with three Ph.D. supervisors present led to a lively debate about publications, the publication process, cumulative dissertations, authorship, and job prospects. Simona Samardjiska shared her experience with doing a Ph.D.

Wednesday 20/11-2013

• 1200-1300 Lunch
• 1300-1315 Welcome to FRISC/COINS Ph.D. student seminar [Aryan TaheriMonfared, UiS; Stig Frode Mjølsnes, FRISC]
• 1315-1345 Introduction to COINS and Ph.D. seminar [Hanno Langweg, COINS, Aryan TaheriMonfared, UiS]
• 1345-1400 Q&A on COINS
• 1400-1500 “Ask the professor” panel [Stig Frode Mjølsnes, Slobodan Petrovic, Hanno Langweg]
• 1500-1515 Break
• 1515-1600 “Lessons learned doing my Ph.D.” [Simona Samardjiska, NTNU]
• 1600-1630 Presentations by participants (i)
  • Gaute Wangen (HiG): “Working title: Conflicting Incentives Risk Analysis”
  • Simona Samardjiska (NTNU): “On a class of quadratic permutation polynomials over finite fields of characteristic 2”
• 1900 Social event at Hall Toll near the harbour

The second day was hosted by University of Stavanger. early-stage Ph.D. students presented what they intended to research for their Ph.D., those in the middle of their project reported results, shared experience, and raised issues for debate. Discussion of students’ expectations towards COINS was continued and several recommendations will be followed up in the steering committee.

Two representatives for the COINS students were elected as members of the steering committee: Pankaj Pandey and Ctirad Sousedik. Congratulations!

Thursday 21/11-2013 University of Stavanger

• 0900-1030 Presentations by participants (ii)
  • Pankaj Pandey (HiG): “A framework for comparison and analysis of information security investment models”
  • Mohamed Ali Abomhara (UiA): “Investigation of user scenarios with focus on providing secure and privacy-respecting IoT environments”
  • Kashif Habib (HiG/NR): “Adaptive Security for the internet of things”
  • Dijana Vukovic (NTNU): “Applied Cryptography”
  • Håkon Jacobsen (NTNU): “A new coding-based public key encryption and signature scheme”
  • Ctirad Sousedik (HiG): “Fingerprint presentation attack detection with OCT”
• 1030-1045 Break
• 1045-1200 Presentations by participants (iii)
  • Yi-Ching Liao (HiG): “Enhance process tracking for forensic readiness in operating systems”
  • Aryan TaheriMonfared (UiS): “SDN Software-defined networking”
  • Andrii Shalaginov (HiG): “Application of soft computing for information security: an adaptive approach to big data analysis in agile environment”
  • Samson Gejibo (UiB): “mHealth Security and Privacy”
  • Huihui Yang (UiA): “Privacy policies for online systems”
• 1200-1230 Students’ opinions and ideas for COINS
• 1230-1300 Election of two student representatives for the COINS Steering Committee
• 1300-1315 Closing, outlook on 2014 [Aryan TaheriMonfared, UiS, Hanno Langweg, COINS]
• 1315-1415 Lunch

The next COINS Ph.D. student seminar is planned to take place 13-15 October 2014 in Tromsø, prior to the NordSec conference 15-17 October 2014.

Attending students:
Mohamed Abomhara (UiA), Bikash Agrawal (UiS), Samson Gejibo (UiA), Håkon Jacobsen (NTNU), Yi-Ching Liao (HiG), Pankaj Pandey (HiG), Simona Samardjiska (NTNU), Andrii Shalaginov (HiG), Kashif Habib Sheikh (HiG), Ctirad Sousedik (HiG), Aryan TaheriMonfared (UiS), Dijana Vukovic (NTNU), Gaute Wangen (HiG), Huihui Yang (UiA) +2 master students.

COINS sponsored participation of its student members at this year’s NIK/NISK/NOKOBIT conference. That contributed to 7 COINS students presenting papers out of the 12 presentations in total at NISK, the Norwegian Information Security Conference.

Slides from the presentation

She is the second student affiliated with COINS Research School of Computer and Information Security that graduates with a Ph.D. degree.

The term risk usually means the outcome of events that may be hazardous or that may cause loss. In our daily life, we make decisions taking account of the “risk” we might face, e.g. when crossing the road, baking a cake, driving, etc. These decisions are guided by our intuitive sense and we feel we understand the underlying risks associated with these events. With an evolving nature of information systems environment e.g. social media, cloud, etc, there is also an increase in the number of threats. Thus, it is important that we can identify and determine risks logically, and this is where risk analysis comes into play. Risk Analysis is a systematic process or guidelines that usually consists of three steps: risk identification, risk estimation and risk evaluation.

This thesis contributes by developing a new approach for risk analysis: Conflicting Incentives Risk Analysis (CIRA). In CIRA, the stakeholders, their actions, and their perceived expected consequences are identified and used to characterize the risk situation. Risk is modeled in terms of conflicting incentives between the stakeholders in regards to the execution of actions. Thus, CIRA does not rely on the concept of incident likelihood, unlike most of the classical methods. Moreover, CIRA focuses on human related risks.

This dissertation also contributes by presenting the theoretical concepts of risk acceptance and rejection, addressing both threat and opportunity risks in the context of CIRA. Furthermore, an initial insight into how CIRA can be extended to risk management is given by explaining the risk treatment (response) measures for threat (opportunity) risks.

The picture above shows Lisa with the evaluation committe and the conductor of the public defense. Picture from left: Dean Terje Stafseng (conductor of public defense), Prof. Dr. Steven Furnell, Faculty of Science and Technology, School of Computing and Mathematics, Plymouth University (First external opponent), Lisa Rajbhandari, Prof. Dr. Stephen Wolthusen, Faculty of Computer Science and Media Technology, Gjøvik University College (Head of committee), Adj. Ass. Prof. Karin Sallhammar Bernsmed, NTNU, Research Scientist SINTEF (Second external opponent) and Prof. Dr. Stewart Kowalski, Faculty of Computer Science and Media Technology, Gjøvik University College (Internal opponent)

Congratulations!

The picture to the right shows Lisa Rajbhandari and Einar Snekkenes both wearing their COINS t-shirts.

Competition was fierce. Many of the teams had experience from similar competitions and focus on applied IT security in their daily business. Students in COINS mainly deal with fundamental information security, e.g. access control, authentication, biometrics, cryptography, and a bunch works on security management. Few actually work on research that fosters the skills needed in a CTF competition. Nevertheless, brave COINS students set up a team and set Norwegian Ph.D. research on the map. Students from the Swedish SWITS network had been invited and extended the COINS team virtually. Competition started Tuesday morning and was completed Thursday morning.

The COINS team finished with rank 176 based on the score for challenges solved. 708 teams participated worldwide, 413 of them scored more than 0 points. This means that COINS came out in the top 43% of all active teams. HiG, consortium member of COINS, had a separate team for bachelor/master students and that team turned out to be the best team in Norway, with COINS taking a 3rd position nationally. The overall showing was promising for a small team that had not worked together before, and we look forward to participation of a larger and stronger COINS team at a CTF competition next year.

Students considered the activity to be fun and a rich learning experience.

Thanks to all who supported the event.

The main activity of MyPhD is an annual 1.5-day workshop for Ph.D. students from the participating universities. Attendance of professors/supervisors is considered important, so scheduling is based on when the highest number of professors is able to join the event. Students decide for themselves whether they want to attend, but are often encouraged by their supervisors. Typically, about 5-10 professors and 20-30 students come together. Organisation is done by one or two Ph.D. students and administrative staff of the hosting institution for the year.

Every participant is expected/required to contribute. Students choose from one of the following formats:

• 10 minutes for short presentation of ideas/thesis topics (5 minutes/3 slides); MyPhD had 12 of these, and COINS student Yi-Ching Liao contributed one
• 30 minutes for research presentation; MyPhD had 11 of these
• 30 minutes for experience presentation, typically given by senior Ph.D. students sharing “lessons learned”; MyPhD had 1 of these

Students got constructive feedback after each of the presentations. Both students and supervisors engaged in discussion and helped to find exciting research questions and to scope topics.

In addition, there was a talk on how to learn from rejected papers to improve content and presentation for resubmission (with some diversions on the academic review process in general), given by Dieter Gollmann. We also were given the opportunity to give a presentation on COINS. That was well received and we discussed how students from both networks could benefit from interacting with each other. Invited speakers shared insights about research challenges in applied IT security as seen from industry.

A highlight of the agenda was a 1.5-hour panel discussion titled “Ask the professors/professionals”. Student could submit questions anonymously or by raising a hand, and all professors/industry panelists were asked to provide their opinions. Questions included e.g. “How much time do you spend advising your doctoral students and how much would you like to spend?”, “How many papers should one have accepted before submitting a dissertation?”, “How do you deal with choosing the authors of a paper?” Answers were by far not unanimously given, so both panelists and students enjoyed a lively discussion.

The audience was ca. 60% German students, 40% students with an international background pursuing a Ph.D. with one of the participatig German universities. All presentations were given in English, and all discussion was conducted in English. There was a clear “Laptops stay closed” policy, obeyed by almost all of the participants. Emails needed to be checked in one of the four breaks during the day. Keeping laptops closed kept everyone focusing on the talks and engaged more people in discussion than usually observed at conferences in the field.

On the practical side, auditorium and room for coffee break (including beverages and pastries) are provided by the hosting university, lunch is served in the cafeteria and paid for by the university. External speakers are not paid. Participants pay for travel and for the hotel they choose, as well as for the dinner in the evening of the first day. A social event on Sunday evening before the workshop on Monday/Tuesday was optional and led us to Korean finger food and karaoke.

Well done, MyPhD students, it was a great experience to see you all contribute to an intensive networking event!

Yi-Ching Liao, Ph.D. student of COINS in her first year, returned home with an improved understanding of the scientific business: “The research process is not about fire-and-forget, submitting papers one after another without improvement. Researchers should understand how and why to improve the state of the art, and receiving feedback effectively greatly increases the likelihood of achieving better research. Submitting papers is just a periodical phase, and always getting the ideas onto paper makes continuous research possible. Always measure the soundness and false negatives of the research outcomes, since information will be lost or missed by human beings.”

Ebenezer Paintsil defended his doctoral thesis about information security on Thursday 12th of September.

Ebenezer Paintsil is associated to NISlab (Norwegian Information Security laboratory) at Gjøvik University College.  Title of the dissertation: Privacy and Security Risks Analysis of Identity Management Systems.

He is the first student affiliated with the Norwegian COINS Research School of Computer and Information Security  that graduates with a Ph.D. degree.

The thesis develops a risk model and model-based risk analysis method for privacy and security risks analysis of identity management systems (IDMSs) in order to reduce cost and provide scientific support for the choice of identity management approaches. Model-based risk analysis methods can assist system stakeholders in understanding a risk analysis process because of their effective use of graphical models to facilitate participation, risk communication and documentation. These graphical risk models communicate what can go wrong in a system and assist in the security risk analysis.

This thesis develops a balanced approach to risk analysis where systems’ characteristics and tools that hide complex mathematics are relied upon to analyze privacy and security risks in IDMSs. It provides new knowledge on how to develop risk models for IDMSs from the characteristics of information that flow in them.

Congratulations!

The competition is “challenge-based”, i.e. there will be ca. 20-30 challenges of various difficulty. The range includes vulnerable web applications, cryptography, reverse engineering and forensics, but also some challenges where you really have to think out of the box.

It is fun. It is demanding. And despite it being typically Norwegian to be good, teams from Norway most of the time do not play a role internationally. This should change. This can change. With you. You are among the smartest people in information security in Norway. Now it is time to show the world that you can take up a challenge when the rubber hits the road.

COINS will sponsor pizza and other healthy and not-so-healthy supplies needed in applied information security. COINS will connect you to a large virtual team – or fly you in to Gjøvik to participate in what is probably the largest Norwegian CTF team ever. COINS will invite students from our Swedish counterpart SWITS to join in a Nordic effort.

Participation in the COINS CTF team is an opportunity to take a break from theory, hone your skills and meet other young academics in the field.

There will be ca. 3-4 meetings of the steering committee in a year. Sometimes the meetings require travel to exotic locations in Norway, sometimes we have the meetings on Skype or email. Knowledge of spoken Norwegian is not required, ability to read Norwegian considerably eases communication. Participation in the steering committee of COINS is an opportunity to make COINS more valuable to Ph.D. students in information security.

Ph.D. student members on the SC serve for a term of one year and there is no limitation on the number of re-elections. Membership in the SC ends when a new representative is elected, when the Ph.D. student graduates, leaves the Ph.D. programme of a COINS consortium member, or does not show the agreed progression in the Ph.D. programme.

The election is proposed to be held by vote by the COINS students present at the Ph.D. student seminar co-located with this year’s NISK conference in Stavanger, i.e. on 20/21 November 2013.

If you are unsure whether to register, talk to your thesis advisor to get encouragement.

NISK brings together people in all areas of information security. Ph.D. students can submit a paper to be presented and published in the conference proceedings after successful peer review. NISK publications give publication points at level 1. There will be a Ph.D. student seminar co-located with NISK probably on 20/11 and 21/11. Exact date, time and programme TBA.

Conference homepage: http://www.frisc.no/arrangementer/nisk-2013/

COINS student members can apply for travel support to participate in NISK. To foster cooperation between Norwegian and Swedish Ph.D. students, COINS invites up to four students from the Swedish SWITS network to participate in NISK.

NordSec addresses a broad range of topics within IT security with the aims of bringing together computer security researchers from around the world and of encouraging interaction between academia and industry. In 2013 the conference has special focus on the security challenges of cyber-physical systems as found within areas as for example avionics, automotive, energy, healthcare and consumer appliances.

Traditionally the conference is arranged in the Nordic countries and in 2013 it will be in Ilulissat (Jakobshavn) situated 200 km north of the Arctic Circle and neighbouring the UNESCO’s World Heritage Centre of Ilulissat Icefjord. Travel to Ilulissat will be limited so early registration and booking is encouraged; please consult the web-page http://nordsec2013.imm.dtu.dk for the latest information.

Student members of COINS can apply for travel support to attend this Nordic information security event.

Each year, SWITS organises a two-day seminar. The seminar is held at a different location every time, this year in Malmö (supported by Lund University), next year probably in Uppsala.

On the first day, research groups presented themselves with each group using only a couple of minutes. This was followed by three consecutive sessions of three Ph.D. student presentations per session, separated by a lunch break and a short break. The presentations were grouped by topics, i.e. “Smart Phone Security and Trusted Platforms”, “Privacy and PETs”, and “Software Security and Information Flow”. Ph.D. students were at different stages in their projects, with some having just started and trying to scope their topic, others in the midst of data gathering and evaluation, and others close to finishing, using the presentation as an exercise for their thesis defence.

After the Ph.D. student presentations we gave a presentation on COINS and discussed possible opportunities for Norwegian/Swedish cooperation in Ph.D. training in information security. The discussion yielded several good ideas, and as one concrete result we will invite students from Sweden to NISK, the annual Norwegian information security conference to be held in Stavanger later this year. More ideas were:

• Promote NordSec better on the COINS website, together with other similar Nordic events
• Joint courses, block-mode with SWITS member institutions
• Joint Capture the Flag events, joint teams, organise a Nordic event
• Joint SWITS/COINS event with students presentations/workshops
• Various competitions, e.g. along the lines of Harvard Business School competitions where there is a joint Norwegian/Swedish jury
• Share information about upcoming Ph.D. defences – and send out invitations

Parallel group discussions followed on “Software Security”, “Security Management”, “Network Security”, and “PETs”. After group discussions, participants went on a boat trip and joined for dinner.

The second day also had three sessions of three Ph.D. student presentations each, interrupted by an invited talk (Jonas Hallberg from FOI on the SECURIT research programme) and a lunch break as well as several short breaks. The seminar was concluded by an invited talk presenting new IT security projects at MSB, the department for security and preparedness in Sweden. MSB also supports SWITS financially.

The concept seemed to work well with participants and organisers, so we are considering to have the first COINS Ph.D. student seminar in a similar fashion.

Observations we made:

• Everybody has some activities specialised to the discipline of the research school.
• Cooperation across faculties or institutions is easier to achieve when there is money.
• Cooperation across faculties or institutions is easier to achieve when there is not too much money.
• Attracting good master students to a research school that may be developed into Ph.D. candidates is not uncommon.
• Students seem to work hard even if they only get a certificate that has little formal value.
• Many (institutions and students alike) use a research school as a brand to brush up their funding applications or CVs.
• Successful research schools try to avoid too many rules and are rather inclusive than exclusive.
• Research schools involving a research institute and a university seem to be more driven/promoted/demanded by the research institute.
• Research schools cooperate with local masters programmes to recruit candidates.
• Significant effort is put into recruiting.
• Research schools follow up on students’ progression more closely (in addition to individual thesis advisors) and are interested in high completion rate.
• Training modules are often optional and participation is documented outside of a formal transcript.
• The structure of a research school is used as a brand.
• Organisational issues should be dealt with early and they should be communicated clearly.

Download a more detailed report on the first study tour and on the second study tour.

You can see COINS project partners and the research schools that we visited on the map.

Click to see a larger map