Upload
martha-herndon
View
223
Download
0
Tags:
Embed Size (px)
Citation preview
Master track Computer security:studying at the Kerckhoffs Institute
Lejla BatinaDigital Security Group
Institute for Computing and Information Sciences (ICIS) Digital Security
NijmegenNovember 11, 2013
Organization
Research topics that you study
• Cryptographic foundations of security• Security mechanisms within network protocols (IPSec, SSL,
scans, intrusions, DOS attacks and firewalls)• Software security: buffer overflows, SQL injections, design an
implementation, verification, proof-carrying code, software evaluation
• Hardware security: physical security, security of smartcards and RFID tags
• Privacy enhancing technologies - PETS
• Law in cyberspace
• Implementations of secure systems
44
Motivation: crypto/security is everywhere
Researchers working on these topics 1/2
Bart Jacobs: correctness and security properties of software
Erik Poll: software security, smartcard security, smart grids etc.
Jaap Henk Hoepman: design of a secure and privacy-friendly Internet of Things, Identity management
Researchers working on these topics 2/2
Mireille Hildebrandt: data protection, cyber crime, fundamental rights protection, privacy and non-discrimination
Lejla Batina: physical security, lightweight cryptography, implementations of cryptography
Peter Schwabe: high-speed cryptography, cryptanalysis
Mandatory and optional courses
Examples of research projects – short term
• Privacy-friendly solutions for data aggregation and filtering in SmartGrids
• Tor vs. the NSA• Experimental comparison of time memory trade-offs• Cluster analysis for side-channel attacks• Voting on mobile devices• Power measurement acquisition from an FPGA board• OV-chipkaart on a NFC-enabled mobile phone• Trusted interfaces for secure devices• Big data and non-discrimination• Data retention (NSA)
Examples of research projects – publications
• Kostas Papagiannopoulos, Gergely Alpár, and Wouter Lueks. Desigated Attribute Proofs with the Camenish-Lysyanskaya Signature. In 34th WIC Symposium on Information Theory, 2013.
• Manu Drijvers, Pedro Luz, Gergely Alpár and Wouter Lueks. Ad Hoc Voting on Mobile Devices. In 34th WIC Symposium on Information Theory, 2013.
• Jip Hogenboom and Wojciech Mostowski. Full Memory Read Attack on a Java Card. Proceedings of 4th Benelux Workshop on Information and System Security, Louvain-la-Neuve, Belgium, November 2009.
Master thesis projects with companies
Examples of recent MSc thesis projects
• Kostas Papagiannopoulos. High-throughput implementations of lightweight ciphers in the AVR ATtiny architecture, 2013 – now PhD student at the DS group
• Mathias Morbitzer. TCP Idle scans in IPv6, 2013 – now with Fox-IT• Christiaan Hillen. Beyond Smart Meters: Legal compliance of Home Energy
Management Systems, 2013 – now PhD student at the DS group• Barry Weymes. Recognising botnets in organisations, 2012 - now with Fox-IT• Arjan Blom. ABN-AMRO E-dentifier2 reverse engineering, 2011 – now with a
start-up• Ruben Muijrers. RAM: Rapid Alignment Method, 2011 – now with Riscure• Brinio Hond. Fuzzing the GSM protocol, 2011 – now with KPMG• Martijn Sprengers. GPU-based password cracking, 2011 – now with KPMG• Jip Hogenboom. Principal component analysis and side-channel attacks, 2010
– now with KPMG• Gerhard de Koning Gans. Analysis of the MIFARE classic used in the OV-
chipkaart project, 2009 – now with the Dutch police
Master thesis projects – closer look and impact1. Mathias Morbitzer. TCP Idle scans in IPv6, 2013.• presented his thesis work at Hack in the Box 2013 in Malaysia and at
HACK.LU in Luxemburg
2. Arjan Blom. ABN-AMRO E-dentifier2 reverse engineering, 2011.• discovered a serious security flaw in the internet banking protocol of ABN-
AMRO, which resulted in a publication at NordSec 2012 conference and attention in the Dutch press.
3. Ruben Muijrers. RAM: Rapid Alignment Method, 2011 • found a new algorithm for the alignment of “power traces” based on image
processing, which is now built into a commercial tool, published at CARDIS 2011.
4. Martijn Sprengers. GPU-based password cracking, 2011• MD5crypt password hashing scheme is considered not secure any more
as the results of Martijn’s thesis, published at SHARCS2012.
Job perspective
http://nos.nl/video/564092-kans-op-werk-in-cybersecurity.html
Why studying at the Kerckhoffs Institute – RU?
• ICT security is hot, with excellent job opportunities• DS group performs multidisciplinary research• DS group collaborates in developing better solutions for managing online
privacy and electronic identities as a member of PI.lab• DS promotes open standards and open source and has started many open
source smartcard projects• DS group has numerous projects with companies that specialise in security,
such as (security) consultancy companies, evaluation laboratories etc. => many PhD study opportunities