Norwegian Information Security Seminar

NISseminar is a weekly research seminar, which targets professors, researchers, PhD candidates, MSc and BSc students at NTNU i Gjøvik. It shall bring together researchers and students to have an academic exchange on a topic in information security presented by one of NISlab researchers. The seminar takes place on Fridays during the lunch break 12.15 - 13.00, and is open to all interested.To follow the online series, please find the playlist of recordings here: https://www.youtube.com/playlist?list=PL17KQCa8hhvApcc1LO8aarrNmm5sFgmni

*********************************************

19.01.2018, 12:15 – 13h, 153, A building

Speaker: Kaja Hannestad, Technical student @ CERN

Title: One year as a Technical Student at CERN  

Recorded stream

Abstract : The presentation will give an insight in the life of a Technical Student working as a network administrator at CERN. How is it to work there? What did I do? What challenges did I face? This will hopefully be answered in the presentation, in addition to going into detail about my main project which evolved around Quality of Service (QoS).

About Speaker: Got my trader certificate within computer electronics before starting my bachelor in Computer Science and Engineering at NTNU in Gjøvik in 2014. Spent 2017 as an exchange student working at CERN in Geneva.

*********************************************

02.02.2018, 12:15 – 13h, A146, A building

Speaker: Jan William Johnsen, PhD candidate

Title: Identifying Central Individuals in Organised Criminal Groups and Underground Marketplaces

Recorded stream

Abstract: Traditional organised criminal groups becomes more active in the cyber domain. They form online communities used as marketplaces for illegal materials, products and services, which drives the Crime as a Service business model. These underground marketplaces allow them to operate with little interference from law enforcements. The challenge of disrupting the underground marketplaces is to know which individuals to focus law enforcement’s effort on. Because taking down a few selected people can have more effect on disrupting the services provided by cyber criminals. We presents our recent study on centrality measures’ performance for identifying important individuals on two networks. We focus our analysis on two distinctly different network structures: Enron – which replace an organised criminal group – have a hierarchical structure, while the hacker forum Nulled.IO is more loosely structured. Our result show that centrality measures favours individuals with more communication rather than people usually considered more important: organised crime leaders and cyber criminals who sell illegal material, products and services.

About Speaker: Jan William is currently a Ph.D. candidate at Norwegian University of Science and Technology (NTNU). He earned his Master in Information Security at NTNU in 2016. In his thesis work he focused on identifying people of interest through social network analysis and he has published one article based on this work. After completing his Masters, Johnsen continued to pursue an academic carrier within his research interest: the detection and prevention of financial crimes such as fraud and money laundering.

*********************************************

09.02.2018, 12:15 – 13h, A153, A building

Speaker: Dmytro Piatkivskyi, PhD candidate

Title: Payment splitting in the Lightning network — leaving micro-payment network for micro-payments

Recorded stream

Abstract: Lightning network is a payment channel network that utilises Bitcoin off-chain transactions to allow for higher transaction volume. Being a protocol, its properties are to be defined by its adoption. While the existing research on the Lightning network assumes its use for conventional payments, we propose to leave it to micro-payments only, transforming a money transfer into a stream of money. Such a transformation arguably improves the network properties such as efficiency, privacy and security.

About Speaker: Received a Bachelor degree in Information security from National Technical University of Ukraine “Kyiv Polytechnic Institute” in 2012. Graduated Gjøvik University College in 2014 with a Master degree in Information secuirty. Before joining Testimon Forensics Research Group at NISlab as a PhD student, was employed at UBS AG as a software developer, Investment Banking department.

*********************************************

16.02.2018, 12:15 – 13h, A153, A building

Speaker: Odin Jenseg and Simen Lybekk, students @ NTNU

Title: European Cyber Security Challenge

Recorded stream

Abstract: European Cyber Security Challenge (ECSC) is an initiative by the European Union Agency for Network and Information Security (ENISA). The goal of this challenge is to find cybersecurity talents and to encourage young people for a career in cybersecurity. The object of the challenge is to attack and defend computer infrastructure, as well as solving problems in the field of; cryptography, forensic, programming, reverse engineering, web, and hardware hacking.
2017 was the first year Norway competed in this challenge. The Norwegian team consisted of ten members who were sent to Malaga in Spain to compete in ECSC. This talk will be about the experience of competing in a challenge at this level, and why professors and students should be interested in these types of competitions.

About Speaker:
Odin Jenseg is a student at NTNU Gjøvik in Master of Information Security, with specialization in digital forensics. He received his Bachelor degree in Information Security from NTNU Gjøvik summer 2017.

Simen Lybekk is a student at NTNU Gjøvik in Bachelor of Information Security.

*********************************************
02.03.2018, 12:15 – 13h, A254, A building

Speaker: Håkon Gunleifsen, PhD candidate

Title: A Tiered Control Plane Model for Secure Tunnel Setup in Service Function Chaining

Abstract: This presentation shows an architecture for encryption automation in interconnected Network Function Virtualization (NFV) domains. Current NFV implementations are designed for deployment within trusted domains, where overlay networks with static trusted links, are utilized for enabling network security. Nevertheless, within a Service Function Chain (SFC), Virtual Network Function (VNF) flows cannot be isolated and end-to-end encrypted, because each VNF requires direct access to the overall SFC data-flow. This restricts both end-users and service providers from enabling end-to-end security, and in extend VNF isolation within the SFC data traffic. Encrypting data-flows on a per-flow basis, results in an extensive amount of secure tunnels, which cannot scale efficiently in manual configurations. Additionally, creating secure data plane tunnels between NFV providers requires secure exchange of key parameters, and the establishment of control plane channels. We extend the existing NFV architecture focusing on these two problems, investigating how overlay networks can be created, isolated, and secured dynamically. Accordingly, we propose an architecture for automated establishment of encrypted tunnels in NFV, which introduces a novel, tiered east-west communication channel between Network Controllers in a multi-domain environment.

About Speaker: Håkon Gunleifsen did his masters in and Information and Communication Technology from UiA and Waterford IOT, Ireland (2002). He is currently working 75 % with an industrial Ph.D. at NTNU Gjøvik and 25 % as a senior consultant at Eidsiva bredbånd.

*********************************************
09.03.2018, 12:15 – 13h, A153, A building

Speaker: Isuf Deliu, Master thesis awardee

Title: Extracting Cyber Threat Intelligence From Hacker Forums

Recorded stream

Abstract: Cyber-protection is a top priority for modern civilization. Even though tradition security controls can detect and prevent a large proportion of cyber-attacks, they are struggling to keep pace with the increasing sophistication of attack tools and methodologies. For this reason, the cyber security community has recently focused on more proactive approaches such as Cyber Threat Intelligence (CTI). The main idea of CTI is the enrichment of traditional security controls by using information collected from multiple diverse sources, both in-house and external. Hacker forums and other social platforms may contain vital information about cyber security threats. But using manual analysis to extract relevant threat information from these sources is a time consuming and error-prone process that requires a significant allocation of resources. In our research, we utilized a combination of supervised and unsupervised Machine Learning algorithms to locate hacker posts that are of high relevance for cyber security. The findings of the experiments performed using the data from a real hacker forum include zero-day exploits, leaked credentials, IP addresses of malicious proxy servers, etc. suggesting the use of these sources as an integrated part of CTI solutions.

About Speaker: Isuf Deliu is originally from Kosovo and holds a Bachelor’s degree in Computer Engineering from the University of Prishtina. After spending a semester as an exchange student in Gjøvik, Isuf joined NTNU in 2015 and received his Master’s degree in Information Security last June (2017). His interests are mainly the applications of Machine Learning algorithms in different application domains with a focus on Information Security and Digital Forensics. Isuf was selected as one of the winners for Master Thesis Award by Telenor-NTNU AI Lab. This award is given to Master’s thesis that have significant impact for Norway or society at large and contribute to building of awareness for the latest trends in the field of Artificial Intelligence. Isuf currently lives in Oslo and works as an Associate at Forensic Technology Services in BDO. In the daily basis, he works with identification, collection, and analysis of digital evidence, as well as data visualization.

*********************************************
06.04.2018, 12:15 – 13h, D101, H building

Speaker: Edgar Alonso Lopez Rojas, Post-Doc

Title: Simulating and generating realistic data sets using real case studies for research in financial fraud

Abstract: Fraud controls for financial transactions are needed and required by law enforcement agencies to flag suspicious criminal activity. These controls however require deeper analysis of the effectiveness and the negative impact for the legal customers.
It will be even harder with the introduction of changes on the General Data Protection Regulation (GDPR) in Europe, which will enforce financial organisations to be even more restricted with their customers data and privacy. Our research aims to tackle these two main problems: the lack of public available financial data sets and the reproducibility of research on financial fraud that derives from private data sources.
We present a method for the construction and use of financial simulator as an alternative to this problem. This method allows other researchers to build or use a financial simulator to study, analyse and test their fraud control methods. We present a method based on 7 steps. Our method starts with the acquisition of data, continues with the analysis, processing and design of diverse scenarios that answer our research questions.
Sharing results on a scientific publication is the aim of many researchers. Simulators allow researchers to calculate the outcome of their experiments and test their hypothesis. There are several advantages that will happen if the results of a scientific paper are based on a simulator. First, the whole setup of the experiment can be replicated using the same tool. Second, the synthetic data sets generated can be shared. Third, the whole simulator can also be shared if need it.

About Speaker: Edgar Lopez-Rojas is currently a post-doctoral researcher at the Digital Forensics group at NTNU in Gjøvik, Norway. Edgar obtained his PhD in Computer Science at Blekinge Institute of Technology and his research area is fraud detection and related interest topics: Multi-Agent Based Simulation, Machine Learning techniques with applied Visualization in the domain of retail stores, mobile payments and Anti Money Laundering (AML) for financial transactions. Edgar has a Bachelor’s degree in Computer Science from EAFIT University in Colombia and a Master’s degree in Computer Science from Linköping University in Sweden.

*********************************************
13.04.2018, 12:15 – 13h, A153, A building

Speaker: Gunnar Alendal, PhD candidate

Title: Mandatory security vs. Digital Forensics

Abstract: As some areas of digital forensic are overwhelmed with data, others are getting less. The increasing complexity and mandatory security of end user devices and services are making digital forensic acquisition increasingly harder. Simply getting access to the data is challenging. This session will try to elaborate on some of these challenges, with technical examples and possible directions.

About Speaker: Gunnar Alendal holds a Master's degree in Cryptography from the University of Bergen. He has a broad experience within different aspects of computer security, but tends to specialize in the use (and misuse) of cryptography, reverse engineering, embedded devices, malware detection and exploitation. He has worked for the less public parts of the Norwegian Armed Forces and more public companies like Anti-virus company Norman, were he worked on developing the Norman Sandbox. Lately he has been working mainly with digital forensics.

*********************************************
20.04.2018, 12:15 – 13h, A254, A building

Speaker: Shao-Fang Wen, PhD candidate

Title: An empirical study on security knowledge sharing and learning in open source communities

Abstract: Knowledge sharing and learning in open source communities have been broadly studied in the literature. Many researchers observed that the open source community offers significant learning opportunities from its free/open programming practices. However, studies that specifically explore security knowledge sharing and learning in open source communities are scarce. To fill this research gap, this study took a mixed methods research design, wherein qualitative data was collected to both establish the study’s research model and develop a survey instrument that was distributed to participants in open source projects on GitHub. Statistical analytical techniques were then employed to test hypothesized relationships in the model to gain a better understanding of this research topic. In this seminar, we will describe our research methods and share major findings of the empirical study.

About Speaker: Shao-Fang (Steven) Wen graduated from National Chiao-Tung University in Taiwan in 1997 with a Master of Science Degree in Industrial Engineering. Before joing NTNU, he has worked for a number of companies in the IT industry in Taiwan for over 15 years. He is now a Ph.D. candidate in the area of Information Security Management at NTNU Gjøvik.

*********************************************