********************************************************************************

NISlecture 2015/01 (30.01.2015, 12.15-13.00 in K102)

Title : Forensic challenges in big data analysis

Speaker : Senior forensics scientist Zeno Geradts, Netherlands Forensic Institute

Published material: Video (the lecture starts approximately 16 min into the recording)

Abstract :

The current growth of the amount of data from heterogeneous sources in forensic science, for example from mobile phones, data derived from cloud services, hard drives and other media that are taken from suspects in an investigation. Within the Netherlands Forensic Institute experience is available with a scalable, transparent and secure system with the name of Hansken, and in which privacy-laws are exactly followed. Some results with this system from cases that on average are 6 TB and were 150 users can search through there data. Within the first 24 hours after a crime happened, data should be available to the police. In this presentation we will go deeper into the methods for big data analysis as well as methods for analysis of large amounts of multimedia from video and images in combination with biometrics. Also possibilities to link the data to the suspect will be discussed.

About the Speaker :

Zeno Geradts is senior forensic scientist at the departement Digital Technology and Biometry of the Netherlands Forensic Institute. He works on cases and coordinates Research and Development within this field and is program manager big data and cyber forensics. He is chairperson of the ENFSI Forensic IT Working group and professor at the University of Amsterdam as chair Forensic Data Sciences.

********************************************************************************

NISlecture 2015/02 (27.02.2015, 12.15-13.00 in K102)

Title : Biometrics and overview

Speaker : Consulant Sylvia Yang, Danish Institute of Fire and Security Technology

Published material Video

Abstract :

Silicon Valley made biometrics widely accepted among commercial users and is constantly exploring new ways of integrating biometrics in an increasing number of devices. Biometrics has moved from being a measure of identification to being applied as a means of authentication, verification. With the increased integration several issues arises, such as privacy and ethical considerations. A general overview of where the market is heading, what the trends are and how we protect ourselves from misuse will presented as well as some examples of biometrics from the industry.

About the Speaker :

Sylvia Yang is currently working as a consultant at DBI – Danish Institute of Fire and Security Technology, and has a background as a researcher from the University of Copenhagen, where she holds a PhD in Forensic Science. Her current work involves projects within research and innovation with focus on biometrics. She is the new administrator and coordinator of the network Danish Biometrics.

********************************************************************************

NISlecture 2015/03 (27.03.2015, 12.15-13.00 in K102)

Title : Cybercrime: Legal challenges and barriers

Speakers : Professor Lars Bo Langsted and Professor Søren Sandfeld Jakobsen, Aalborg University

Published material: Video (the lecture starts about 14 minutes into the recording)

Abstract :

Cybercrime is growing dramatically these years. According to Europol cybercrime is now more profitable than the global trade in marijuana, cocaine and heroin combined. Consequently, many countries have increased their efforts to combat cybercrime. Very often, however, the combat against cybercrime is obstructed by complex legal barriers. These barriers arise because criminal law does not take account of the many cross-border aspects related to cyberspace. And because an increased effort against cybercrime – in order to be effective – often requires a certain amount of surveillance of the citizens, which may conflict with the citizens’ fundamental right to privacy and protection of personal data. The purpose of the newly established cybercrime research center at the Law Department of University of Aalborg is to conduct and convey high-level research in this new and very relevant aspect of law, and the presentation will give an introduction to the center and the fundamental legal principles and problems related to cybercrime as a legal research area.”
 
About the Speakers :

Lars Bo Langsted is professor of criminal law and tort law at Aalborg University and head of IEEC Crime Research Centre. He is author or coauthor of 150 articles and books and is often used as expert member or chairman of boards and committees.
 
Søren Sandfeld Jakobsen is professor of Media, Information and Communication law at Aalborg University and member of IECC Crime Research Center. He is the author of a large number of articles and books and holds a number of honorary positions. He has formerly worked as an attorney and as Head of Office at the Ministry of Business.

********************************************************************************

NISlecture 2015/04

Title : Large Scale Biometric Identity Management System: India’s UID Project – an Overview

Speaker : Professor Prof. Dhiren Patel, NIT Surat, India

Published material: Video (the lecture starts about 10 minutes into the recording)

Abstract :

As India moves towards large scale e-Governance adoption, a soft infrastructure for Government service delivery is needed to ensure efficiency and accountability across multiple systems. A national ID system is crucial to improve the efficiency and transparency of various e-Governance initiatives. The UID (Unique Identity) project of India has the vision of empowering every resident of India with a unique identity and providing a digital platform to authenticate anytime anywhere. Using biometrics, it provides an instant, electronic, non-repudiable proof of identity. This system is built on a sound strategy and a strong technology backbone and has evolved into a vital digital infrastructure.

This lecture encompasses discussion on Large Scale Identity Management Systems with a detailed case study of India’s UID Project.

About the Speaker :

Dr. Dhiren Patel is a Professor & Chair of Computer Engineering Department at NIT Surat, India. He leads Security and Cloud computing group at NIT Surat. Prof. Patel has academic and research associations with University of Denver, Colorado – USA (Visiting Professor – Summer and Fall 2014), IIT Gandhinagar - India (Visiting Professor – 2009-2011), with City University London (Visiting Scientist – Cyber Security – 2009-2014), with British Telecom UK (Visiting Researcher – Cloud Security and Trust Management - 2012), and with C-DAC Mumbai - India (Research Advisor – Security and Critical Infrastructure Protection). He has authored a book on Information Security (ISBN-978-81-203-3351-2, Prentice Hall 2008) and numerous research papers. He is associated with many high power government committees in India on Higher Technical Education and Security Research.

********************************************************************************

NISlecture 2015/05

Title : Security for REST-based Services

Speaker : Professor Dr.-Ing. Luigi Lo Iacono, FH Cologne, Germany

Published material: Video (the lecture starts about 10 minutes into the recording)

Abstract :

The architectural style REST defines guidelines for designing distributed service systems. Desirable service properties are achieved by a set of defined constrains. REST-based systems have, e.g., to be stateless in order to ensure the scalability of service systems. The uniform interface is another important constrain providing simplicity of interfaces and performance of components interaction. This constrain is one of the main drivers for the increasing design of service systems based on REST.
Currently there exists only a limited set of technologies which can serve as a foundation for implementing REST-based systems. HTTP/URI is by far the most dominant choice. This fact is the source for many misinterpretations in which HTTP is often put at the same level as REST. Consequences emerging from these reasonings are manifold. One related to security is the adoption of transport-oriented protection means only as common for conventional web applications.
This talk will start by introducing the basic constraints representing REST. Based on these foundations, REST is afterwards challenged with other contemporary service technologies. Here, the focus is drawn on the security of REST-based service systems. The limitations of transport-oriented protection means are emphasized and the demand for specific message-oriented safeguards is motivated. The talk concludes by reviewing the current state in REST-Security related research and development activities.

About the Speaker :

Luigi Lo Iacono studied computer science with a major in systems and security engineering and received the PhD degree from the University of Siegen (Germany) in 2005. He has previously worked in academic and industry research labs and is currently a full professor in web technologies at the Cologne University of Applied Sciences. His research interests include web and usable security.

********************************************************************************

NISlecture 2015/06

Title : Digital Sovereignty

Video (the lecture starts about 9 minutes into the recording)

Speaker : Professor Dr. Reinhard Posch, TU Graz & Chief Information Officer of the Federal Government of Austria 

Abstract :

Core aspects of Digital Sovereignty will be governance of ICT and the new technologies and paradigms mainly mobile technologies and cloud computing. At the same time, these aspects are the hardest security challenges. The intersect of these areas will be the major drivers when it comes to the lead or even domination in the field of ICT over the next decade. With this digital sovereignty and international agreements, e.g. TTIP will play a decisive role in this game. 

Europe seems to have given in with the global division where America focusses on large and industrial software and systems where Asia has taken the lead with hardware as labor and environment conditions are not reflected in the products. Europe being one of the largest markets is still struggling with its position in this game. Consumer’s needs and security as well as data protection and trusted information security might be areas where Europe has fair chances but at the end it will be about governance. While overarching and global some of the key factors of such governance will be factored into important detail aspects and new ICT paradigms like mobile and cloud computing and might even take dominant roles. 

About the Speaker :

Reinhard Posch received his PhD at Graz University of Technology, where he was appointed Full Professor in Applied Information Processing and Communications in 1984. Since 1986 he is Head of the Institute of Applied Information Processing and Communications Technology (IAIK-TU Graz) and Scientific Director of the Austrian Secure Information Technology Center (A-SIT). His main interests are in computer security, cryptography, secure hard- and software and eGovernment.
Since 2001, he is Chief Information Officer (CIO) for the Federal Government of Austria responsible for strategic coordination of activities in the field of ICT including all levels of government. 

Since 2003, he is Chairman of the Board of Trustees of the Stiftung Secure Information and Communication Technologies (SIC) in Graz. From 2007 to 2011 he was Chairman of the Management Board of the European Network and Information Security Agency (ENISA) and in 2012 became Member of the IT Rat der Weisen to give professional advice to European Commission Vice-Presidents Neelie Kroes and Maroš Šefčovič in the area of IT security and to assist the implementation of the Digital Agenda for Europe. He takes part in various groups installed by the European Commission, notably he is a member of the steering board of the European Cloud Partnership. 

********************************************************************************

NISlecture 2015/07

Title : Telenor Group from a Security Perspective

Published material: Video.

Speaker : André Årnes, Senior Vice-President, Group Business Security Officer, Telenor Group & Associate Professor NISlab

Abstract :

In this lecture, André Årnes, the Head of Group Business Security in Telenor Group and an Associate Professor at NisLab will give a presentation about Telenor Group from a security perspective. Telenor Group Business Security was established in 2015 with a mandate to identify and manage security risks globally and to set a security strategy for Telenor. The telecommunications industry is facing a wide range of security challenges and threats converging across traditional security domains. Security must develop a proactive business mindset and take an active part in enabling the organization to develop secure and trusted services for our customers. 

About the Speaker:

André Årnes is the SVP and Group Business Security Officer in Telenor Group, with overall responsibility for information security, physical security and services fraud globally. He has previously served as the CIO in Telenor Global Shared Services, and he has operational experience as a cyber crime investigator specializing in digital forensics in the Norwegian National Criminal Investigation Service (Kripos) and the Norwegian National Authority for Investigation and Prosecution of Economic and Environmental Crime (Økokrim). André is also an Associate Professor at NisLab and holds a PhD in information security from NTNU with research visits to UCSB (USA) and Queen’s University (Canada).

********************************************************************************

NISlecture 2015/8

Title : Timing Attacks against State Estimation in Power Networks

Speaker : Professor Stephen Wolthusen, Norwegian Information Security Laboratory NISlab, Gjøvik University College & School of Mathematics and Information Security, Royal Holloway, University of London, UK

Abstract :

State estimation is critical to ensure the stability of many non-trivial control systems where full observability cannot be maintained, and is particularly important in electrical power networks relying on wide-area measurement systems. In recent years, the problem of malicious bad data injection has been studied extensively, with a number of innovative mitigation and protection measures being proposed.

We describe a communication channel model for hierarchical state estimators relying on the common WLS formulation and analyse the propagation of faults leading up to convergence failures in both intermediate and top-level state estimates as a consequence of interference with the communication channel.

These attacks can succeed even where measurements are trustworthy and communication channels are protected.

About the Speaker:

Stephen Wolthusen holds dual appointments as professor of Computer Science at Gjøvik University College and as Reader in Mathematics in the School of Mathematics and Information Security at Royal Holloway, University of London along international visiting appointments. His principal research interests are in adversary and attack models in cyber-physical, critical infrastructure systems and in network security where he has published over 130 peer-reviewed articles whilst leading a and participating in a number of national and international projects. He is also the author and editor of a number of books and is past Editor-in-Chief of Computers & Security.

********************************************************************************

NISlecture 2015/9 (11.12.2015, 12.15-13.00 in K 102)

Title : The Norwegian Internet Voting Experiment

Speaker:  Professor Kristian Gjøsteen, Department of Mathematical Sciences, Norwegian University of Science and Technology NTNU

Abstract :

In 2008 the Norwegian parliament authorized trials of electronic voting in Norway. This lead to trials of electronic voting from home during the 2011 local elections and 2013 parliamentary elections.
The trial used a cryptographic voting protocol suitable for Norwegian elections. Proofs of security was one of the most important tools during the design of this cryptography protocol. We discuss how implementation bugs and voter behavior can invalidate the strong security guarantees provided by security proofs.

About the Speaker:
Kristian Gjøsteen is a professor at the Department of Mathematical Sciences at NTNU. Most of his work is on the design of cryptographic protocols, but he has also analyzed theoretical and practical systems (Dual-EC-DRBG, BankID). He was a cryptographic consultant for the Norwegian Government’s internet voting project from 2009-2013.

********************************************************************************