Master track Computer security:studying at the Kerckhoffs Institute

Lejla BatinaDigital Security Group

Institute for Computing and Information Sciences (ICIS) Digital Security

NijmegenNovember 11, 2013

Organization

Research topics that you study

• Cryptographic foundations of security• Security mechanisms within network protocols (IPSec, SSL,

scans, intrusions, DOS attacks and firewalls)• Software security: buffer overflows, SQL injections, design an

implementation, verification, proof-carrying code, software evaluation

• Hardware security: physical security, security of smartcards and RFID tags

• Privacy enhancing technologies - PETS

• Law in cyberspace

• Implementations of secure systems

44

Motivation: crypto/security is everywhere

Researchers working on these topics 1/2

Bart Jacobs: correctness and security properties of software

Erik Poll: software security, smartcard security, smart grids etc.

Jaap Henk Hoepman: design of a secure and privacy-friendly Internet of Things, Identity management

Researchers working on these topics 2/2

Mireille Hildebrandt: data protection, cyber crime, fundamental rights protection, privacy and non-discrimination

Lejla Batina: physical security, lightweight cryptography, implementations of cryptography

Peter Schwabe: high-speed cryptography, cryptanalysis

Mandatory and optional courses

Examples of research projects – short term

• Privacy-friendly solutions for data aggregation and filtering in SmartGrids

• Tor vs. the NSA• Experimental comparison of time memory trade-offs• Cluster analysis for side-channel attacks• Voting on mobile devices• Power measurement acquisition from an FPGA board• OV-chipkaart on a NFC-enabled mobile phone• Trusted interfaces for secure devices• Big data and non-discrimination• Data retention (NSA)

Examples of research projects – publications

• Kostas Papagiannopoulos, Gergely Alpár, and Wouter Lueks. Desigated Attribute Proofs with the Camenish-Lysyanskaya Signature. In 34th WIC Symposium on Information Theory, 2013.

• Manu Drijvers, Pedro Luz, Gergely Alpár and Wouter Lueks. Ad Hoc Voting on Mobile Devices. In 34th WIC Symposium on Information Theory, 2013.

• Jip Hogenboom and Wojciech Mostowski. Full Memory Read Attack on a Java Card. Proceedings of 4th Benelux Workshop on Information and System Security, Louvain-la-Neuve, Belgium, November 2009.

Master thesis projects with companies

Examples of recent MSc thesis projects

• Kostas Papagiannopoulos. High-throughput implementations of lightweight ciphers in the AVR ATtiny architecture, 2013 – now PhD student at the DS group

• Mathias Morbitzer. TCP Idle scans in IPv6, 2013 – now with Fox-IT• Christiaan Hillen. Beyond Smart Meters: Legal compliance of Home Energy

Management Systems, 2013 – now PhD student at the DS group• Barry Weymes. Recognising botnets in organisations, 2012 - now with Fox-IT• Arjan Blom. ABN-AMRO E-dentifier2 reverse engineering, 2011 – now with a

start-up• Ruben Muijrers. RAM: Rapid Alignment Method, 2011 – now with Riscure• Brinio Hond. Fuzzing the GSM protocol, 2011 – now with KPMG• Martijn Sprengers. GPU-based password cracking, 2011 – now with KPMG• Jip Hogenboom. Principal component analysis and side-channel attacks, 2010

– now with KPMG• Gerhard de Koning Gans. Analysis of the MIFARE classic used in the OV-

chipkaart project, 2009 – now with the Dutch police

Master thesis projects – closer look and impact1. Mathias Morbitzer. TCP Idle scans in IPv6, 2013.• presented his thesis work at Hack in the Box 2013 in Malaysia and at

HACK.LU in Luxemburg

2. Arjan Blom. ABN-AMRO E-dentifier2 reverse engineering, 2011.• discovered a serious security flaw in the internet banking protocol of ABN-

AMRO, which resulted in a publication at NordSec 2012 conference and attention in the Dutch press.

3. Ruben Muijrers. RAM: Rapid Alignment Method, 2011 • found a new algorithm for the alignment of “power traces” based on image

processing, which is now built into a commercial tool, published at CARDIS 2011.

4. Martijn Sprengers. GPU-based password cracking, 2011• MD5crypt password hashing scheme is considered not secure any more

as the results of Martijn’s thesis, published at SHARCS2012.

Job perspective

http://nos.nl/video/564092-kans-op-werk-in-cybersecurity.html

Why studying at the Kerckhoffs Institute – RU?

• ICT security is hot, with excellent job opportunities• DS group performs multidisciplinary research• DS group collaborates in developing better solutions for managing online

privacy and electronic identities as a member of PI.lab• DS promotes open standards and open source and has started many open

source smartcard projects• DS group has numerous projects with companies that specialise in security,

such as (security) consultancy companies, evaluation laboratories etc. => many PhD study opportunities