NISseminar is a weekly research seminar that targets professors, researchers, PhD candidates, MSc and BSc students at NTNU i Gjøvik. It brings together researchers and students for an academic exchange on a topic in information security presented by one of the NISlab researchers. The seminar takes place on Fridays during the lunch break, 12.15 - 13.00, and is open to all interested. To follow the online series, please find the playlist of recordings here: https://www.youtube.com/playlist?list=PL17KQCa8hhvApcc1LO8aarrNmm5sFgmni
20.01.2017, 12:15 – 13h, A153, A building
Speaker: Espen Blikra, computer engineering student
Title: What I did as technical student at CERN in 2016.
Computer engineering student Espen Blikra will give an overview of his work at CERN as a technical student in 2016. Espen was a network administrator in the ATLAS project (http://atlas.cern/), where he did Python programming, automatic firmware upgrades, InfiniBand networking, Open vSwitch, and work on SDN and QoS, which resulted in a poster at the CHEP conference.
03.02.2017, 12:15 – 13h, A153, A building
Title: Data mining techniques and applications used in official data
About the speaker
Ogerta Elezaj is a lecturer in the Department of Applied Statistics and Informatics, in the Faculty of Economics, Tirana University. She is studying for the degree of "PhD in Information System", focusing on the application of data mining techniques in the system of official statistics. She teaches courses on Procedural and Object-Oriented Programming C++, Database Management System and Applied Econometrics. Her research interests span data mining, knowledge discovery and knowledge management in large databases. Much of the work has been on improving the understanding, design, and implementation of data processing systems, mainly through the application of data mining, statistics, and performance evaluation. From 2007 to 2015 she worked at the National Institute of Statistics in Albania as Director of the IT Department. During these years she designed and implemented the automatic data capturing and managing information system for Censuses and Surveys using ReadSoft software. She graduated in 2007 from the Faculty of Economics, University of Tirana, with a degree in Informatics applied in Economics. She worked as a temporary agent at EUROSTAT, Luxembourg, in 2009 in the “Data and metadata services and standards” unit. She has good knowledge of processing and analysing data with the statistical software SAS, SPSS and R, and of programming in C++ and Visual Basic.net. She has published scientific articles and given presentations at scientific conferences.
The world of virtual currencies is growing exponentially, with ambitions to replace many of the present-day financial systems. Bitcoin, the first decentralized cryptocurrency, has hitherto been the most successful of the many existing virtual currencies. Yet, having many limitations, Bitcoin is continuously being refined. Scalability has been the biggest issue up until now, which encouraged the invention of off-chain transactions. Off-chain transactions are Bitcoin transactions that are not recorded on Bitcoin’s public ledger, the blockchain. Such a concept fundamentally changes the whole idea. The presentation will discuss what problems decentralized cryptocurrencies try to solve, what the current limitations are, and the approaches to solving them.
Received a Bachelor degree in Information security from National Technical University of Ukraine “Kyiv Polytechnic Institute” in 2012. Graduated from Gjøvik University College in 2014 with a Master degree in Information security. Before joining Testimon Forensics Research Group at NISlab as a PhD student, was employed at UBS AG as a software developer, Investment Banking department.
03.03.2017, 12:15 – 13h, A153, A-Building
Speaker: Sergii Banin
Title: Memory access patterns for malware detection
This paper presents a novel method that could potentially detect zero-day attacks and contribute to proactive malware detection. Our method is based on analysis of sequences of memory access operations produced by a binary file during execution. In order to perform experiments, we utilized an automated virtualized environment with binary instrumentation tools to trace the memory access sequences. Unlike the other relevant papers, we focus only on analysis of basic (Read and Write) memory access operations and their n-grams rather than on the fact of a presence or an overall number of operations. Additionally, we performed a study of n-grams of memory accesses and tested it against real-world malware samples collected from open sources. Collected data and proposed feature construction methods resulted in an accuracy of up to 98.92% using such Machine Learning methods as k-NN and ANN.
Sergii Banin took his Bachelor's in Computer Engineering at National Technical University of Ukraine "Kiev Polytechnic Institution" and graduated in 2014.
In 2016 he got a Master's degree in Information Security at NTNU in Gjøvik. He started his PhD at NTNU in Gjøvik in 2016.
10.03.2017, 12:15 – 13h, A153, A-Building
Speaker: Marta Gomez-Barrero
Title: Biometric Template Protection and Unlinkability
The wide deployment of biometric recognition systems in the last two decades has raised privacy concerns regarding the storage and use of biometric data. As a consequence, the ISO/IEC 24745 international standard on biometric information protection has established two main requirements for protecting biometric templates: irreversibility and unlinkability. Numerous efforts have been directed to the development and analysis of irreversible templates. However, there is still no systematic manner to analyse the unlinkability of such templates. We address this shortcoming by proposing a new general framework for the evaluation of biometric template unlinkability.
Marta Gomez-Barrero received her MSc degrees in Computer Science and Mathematics, and her PhD degree in Electrical Engineering from Universidad Autonoma de Madrid, in 2011 and 2016, respectively. She has carried out research internships at several worldwide leading groups in biometric recognition such as the Norwegian Biometrics Laboratory, part of the NISlab – Norwegian Information Security laboratory, at NTNU i Gjøvik, and the COMLAB, at Università degli Studi Roma Tre, Italy. Since 2016 she has been a postdoctoral researcher at the Center for Research in Security and Privacy (CRISP), Hochschule Darmstadt, Germany. Her current research focuses on security and privacy evaluations and template protection schemes. She is the recipient of a number of distinctions, including: EAB European Biometric Industry Award 2015, Siew-Sngiem Best Paper Award at ICB 2015, Archimedes Award for young researchers from Spanish MECD and Best Poster Award at ICB 2013.
24.03.2017, 12:15 – 13h, A153, A-Building
Speaker: Narayan Tulshidas Vetrekar
Title: Extended Multi-spectral Imaging for Face Biometrics
Biometric authentication based on face recognition has acquired enormous attention due to the non-intrusive nature of image capture. Recently, with the advancement in sensor technology, face recognition based on multi-spectral imaging has gained a lot of popularity due to its potential for capturing discrete spatio-spectral images across the electromagnetic spectrum. In this presentation, I will be presenting a customized extended multispectral imaging sensor that can capture spectral images in nine narrow spectral bands across the 530nm to 1000nm (Visible-NearInfrared) wavelength range. Further, the presentation will cover the performance analysis study across two different age groups using our extended multi-spectral face database.
Narayan Tulshidas Vetrekar completed his Master’s program in Electronics at the Department of Electronics, Goa University, India, in April 2010. He has been a Ph.D. student at the Department of Electronics on the research title ‘Robust Facial Biometrics using Multi-spectral Imaging’ since November 2011. He is a visiting research student, hosted by the Norwegian Information Security laboratory, Norwegian University of Science and Technology (NTNU).
CIRA (Conflicting Incentives Risk Analysis) is a novel approach to risk analysis that focuses on the consequences of human decisions when identifying risks. However, in its current state, it lacks a theoretical foundation in psychology. Therefore it is necessary to identify and integrate relevant psychological theories into the current framework. Taking into account that stakeholders might not cooperate with the analyst during risk analysis, it is crucial to consider efficient and reliable data acquisition methods that require no direct access to the stakeholders. By integrating theories of behavior prediction and appropriate data collection methods, CIRA is expected to become suitable for identifying real-life risks. To test this assumption, the performance of the enhanced method will be assessed within the context of the IoTSec project focusing on Smart Electrical Grids.
Adam Szekeres received his Bachelor's and Master's degrees in psychology from the University of Szeged, Hungary. He started his PhD at NTNU in 2016, and the aim of his research is to incorporate methods of behavior prediction from psychology into the domain of information security risk analysis.
Title: Secure and Privacy Preserving Biometric Authentication and Transaction Protocols
In recent years we have seen a great increase in the deployment of biometric technologies, where smartphones are one of the main contributors. Demand for more convenient authentication methods led device manufacturers to include integrated sensors to capture biometric characteristics, such as fingerprint and iris. Use-cases for the biometric technologies range from unlocking the device to accessing bank accounts and performing transactions. In such scenarios it is important to make sure the protocols are secure and the privacy of the user and their biometric data is handled in an appropriate manner. In this work we study methods for remote biometric authentication of users, and authentication or verification of transactions.
Bachelor in Computer Engineering from Bergen University College (Høgskolen i Bergen).
Masters in Information Security from Gjøvik University College (Høgskolen i Gjøvik).
Now working on a Ph.D. in Information Security at NTNU Gjøvik.
Despite the security community’s emphasis on the importance of building secure open source software (OSS), the number of new vulnerabilities found in OSS is increasing. Vulnerabilities that have been studied for years are still commonly reported in vulnerability databases. This leads to a need for reiteration of software security studies for OSS developments to understand the existing security practices and the security weaknesses among them. On the other hand, software security is not just about technology and applications. It is also about the people who develop and use those applications and how their vulnerable behaviors can lead to exploitation. In this research work, a systematic literature review method with a socio-technical analysis approach is applied to identify, extract and analyze the security studies conducted in the context of open source development. It aims to show the need for security practices (social and technical aspects) to be a concern in the open source development process.
Shao-Fang (Steven) Wen graduated from National Chiao-Tung University in Taiwan in 1997 with a Master of Science Degree in Industrial Engineering and Management and has worked for a number of companies in the IT industry in Taiwan for over 15 years. He is now a Ph.D. candidate in the area of Information Security Management at NTNU Gjøvik.
A notable trend is found in the proliferation of systems and devices of various sizes and in various environments that are connected to the Internet through various network protocols. This Internet of Things (IoT) is still not fully developed or explored, but it is just a question of time before information gathered by these systems will be used as evidence in court. How will evidence dynamics be affected by machine to machine communication and data processing in IoT systems? What are the challenges these new systems pose for the digital forensic scientist and what are the opportunities they promise?
Jens-Petter Sandvik is a PhD candidate at the NTNU digital forensics group, researching IoT forensics. He has been working with digital forensics in the National Criminal Investigation Service (Kripos) since 2006.
19.05.2017, 12:15 – 13h, K105, A-Building
Speaker: Jialiang Peng
Title: A novel Binarization Scheme for Real-valued Biometric Feature
Biometric binarization is the feature-type transformation that converts a specific feature representation into a binary representation. Transforming real-valued feature vectors into binary vectors is a fundamental issue in biometric template protection schemes. The transformed binary vectors should score high on both discriminability and privacy protection when they are employed as the input data for biometric cryptosystems. We present a novel binarization scheme based on random projection and random Support Vector Machine (SVM) to further enhance the security and privacy of biometric binary vectors. The proposed scheme can generate a binary vector of any given length as an ideal input for biometric cryptosystems. In addition, the proposed scheme is independent of the biometric feature data distribution.
Several comparative experiments are conducted on multiple biometric databases to show the feasibility and efficiency of the proposed scheme.
Dr. Jialiang Peng received the B.S. degree and M.S. degree in Computer Science from Heilongjiang University, Harbin, P.R. China in 2002 and 2005, respectively, and the Ph.D. degree in Computer Science from Harbin Institute of Technology, P.R. China, in 2014. He had been a senior engineer at the Information and Network Administration Centre of Heilongjiang University, P.R. China since 2005. Currently he is a researcher at the Norwegian Information Security laboratory of the Norwegian University of Science and Technology in Gjøvik. He has been involved in several Chinese and European projects focused on biometrics and privacy enhancing technologies. He has published more than 20 international journal papers and conference papers.
Security governance in highly constrained and dynamic networks, such as C2 (Command and Control) and C4I (Command, Control, Communications, Computers, and Intelligence) systems at the tactical edge, requires refined control and adaptability to the rapidly evolving operational context. Imagine that you are in the field, commanding a cordon and search operation, and you receive information that a building is trapped with IEDs (Improvised Explosive Devices). One of the tactical teams under your command is already executing a building clearing. What do you do, and how can the network accommodate your decision efficiently and effectively, while maintaining security?
Vasileios comes from Thessaloniki, the second largest city of Greece, located in central Macedonia. In 2011, Vasileios completed his Bachelor degree in electronics engineering and continued his studies with the “wireless communication systems” MSc at Brunel University of London. During and after this period, Vasileios has been employed as an automation systems designer, core network engineer, and in research projects related to network security, critical infrastructure security and system usability. In June 2014 Vasileios "landed" at Gjøvik and joined the critical infrastructure group of the former “Norwegian Information Security laboratory”, working as a PhD research fellow on the EDA (European Defense Agency) project TACTICS (Tactical Service Oriented Architecture). Ever since, he has been enjoying the Norwegian nature and hospitality, while having successfully survived/enjoyed his third Norwegian winter.