The HAIC public outreach initiative aims to make cybersecurity more accessible to a broader audience. As part of this initiative, we are organizing HAIC Talks, a series of public lectures on contemporary topics in cybersecurity. In the style of studia generalia, these lectures are free and open to everyone. No background knowledge in cybersecurity is required. HAIC Talks are made possible through the generous support of the Aalto University School of Science.
Sign up for our HAIC Talks mailing list to hear about future events.
October 29, 2024: Learning from cybersecurity exercises — the case of Locked Shields – with Rain Ottis
Lecture description: The talk will first introduce cybersecurity exercises in general and the Locked Shields exercise in particular. After that Dr. Ottis will discuss the exercise-related research that has been conducted by staff and students of TalTech’s Centre for Digital Forensics and Cyber Security, in an effort to show how exercises can enable cybersecurity research.
This HAIC Talk was not recorded but you can find the presentation slides here: Learning from cybersecurity exercises — the case of Locked Shields – with Rain Ottis
About the speaker: Dr Rain Ottis is the Professor of Cyber Operations and the Head of the Centre for Digital Forensics and Cyber Security in Tallinn University of Technology, Estonia. From 2008 to 2012 he served as a researcher at the NATO Cooperative Cyber Defence Centre of Excellence, where he worked on cyber security in the context of national and international security. Prior to that assignment he served as a signal officer in the Estonian Defence Forces, focusing primarily on cyber defence training and awareness. His research interests include cyber conflict, national cyber security and cyber security exercises.
Time: 29.10.2024 at 16:00 – 17:30 (coffee and buns served from 15:30). The lecture will be approximately 60 minutes, after which there will be time for questions.
Venue: Lumituuli auditorium, Dipoli, Aalto University (Otakaari 24, Espoo).
Registration: The event is open to all and free of charge, but we ask you to register for the event as it helps us to estimate the amount of coffee to order. Registration is closed.
September 25, 2024: Time and Place in Digital Forensic Science – with Matthew Sorell
Lecture description: Everywhere you go, you leave your digital traces behind. Mobile and wearable devices, video, social media and pervasive sensors everywhere capture every breath you take, and every move you make.
Or so you think. In reality it’s rarely that simple.
Since 2022, my team at Digital Forensic Sciences Australia has been developing a new form of map visualisation when handling sparse time-location data. Instead of showing how a suspect can get from one place to another, we show where the suspect can reach. Our prototype is now used operationally in active missing persons investigations in Australia. The impact of our approach is profound. Whereas a conventional investigation will work outwards from the crime scene and inwards from an outer cordon, the reach map approach quickly narrows down the focus to what is possible. For the first time, defensible use can be made of negative results to exclude geographical options.
In this presentation, I’ll demonstrate the current capability of the prototype tool and show examples of the tool in practical use cases. I’ll discuss computational complexity and visualisation of real investigative problems linking locations and timelines into a coherent view of what is possible, and show the impact reach mapping can have on real-time investigation.
About the speaker: Dr Matthew Sorell joined the faculty of the School of Electrical and Electronic Engineering at the University of Adelaide in 2002, specialising in telecommunications and multimedia engineering. In 2016 he assisted South Australian Police in a murder investigation, the first case worldwide involving an Apple Watch and Apple Health Data. Dr Sorell is currently the sole court-recognised independent expert on mobile device and network evidence in Australia.
In 2022 he founded Digital Forensic Sciences Australia, a private company providing specialist digital forensic science services in Australia and internationally. Since 2017, he has been an invited member of the INTERPOL Digital Forensics Experts Group and in 2019 was appointed Scientific Advisor to FORMOBILE, an EU-funded project concerned with mobile phones as evidence from crime scene to court room.
Dr Sorell has led cybersecurity research and education collaboration between the University of Adelaide and the Tallinn University of Technology (TalTech), Estonia, since 2015. He was appointed Adjunct Professor of Digital Forensic Science at TalTech in 2018 and in 2021 was appointed Honorary Consul of Estonia in South Australia.
Time: 25.9.2024 at 16:00 – 17:30 (coffee and buns served from 15:30). The lecture will be approximately 60 minutes, after which there will be time for questions.
Venue: Lumituuli auditorium, Dipoli, Aalto University (Otakaari 24, Espoo).
Registration: The event is open to all and free of charge, but we ask you to register for the event as it helps us to estimate the amount of coffee to order. Registration is closed.
April 17, 2024: Challenges and Practical Approaches to Design Private and Scalable Information Data Management Systems – with Amr El Abbadi
Lecture description: Increasingly, countries and regions have strict laws and regulations to protect the privacy of personal data. For example, the states of the European Union (EU) enforce the General Data Protection Regulation (GDPR) to protect personal data of individuals living in the EU. Much research has focused on preserving the privacy of data using various advanced cryptographic techniques. However, and irrespective of the privacy of the data itself, just the queries requesting the data raise severe privacy concerns owing to numerous attacks and data breaches using access patterns.
Our goal in this talk is to demonstrate how private access of data, using sophisticated, expensive but secure cryptographic methods, can become a practical reality in the near future. Our focus is on supporting oblivious queries and thus hiding any associated access patterns on both private and public data.
For private data, ORAM (Oblivious RAM) is one of the most popular approaches for supporting oblivious access to encrypted data. However, most existing ORAM datastores are not fault tolerant and hence an application may lose all of its data when failures occur. To achieve fault tolerance, we propose QuORAM, the first datastore to provide oblivious access and fault-tolerant data storage using a quorum-based replication protocol.
For public data, PIR (Private Information Retrieval) is the main mechanism proposed in recent years. However, PIR requires the server to consider data as an array of elements and clients retrieve data using an index into the array. This requirement limits the use of PIR in many practical settings, especially for key-value stores, where the client may be interested in a particular key, but does not know the exact location of the data at the server.
In this talk we will discuss recent efforts to overcome these limitations, using Fully Homomorphic Encryption (FHE), to improve the performance, scalability and expressiveness of privacy preserving queries of public data.
This HAIC Talk was not recorded but you can find the presentation slides here: Challenges and Practical Approaches to Design Private and Scalable Information Data Management Systems – with Amr El Abbadi
About the speaker: Amr El Abbadi is a Professor of Computer Science. He received his B. Eng. from Alexandria University, Egypt, and his Ph.D. from Cornell University. His research interests are in the fields of fault-tolerant distributed systems and databases, focusing recently on Cloud data management, blockchain based systems and privacy concerns.
Prof. El Abbadi is an ACM Fellow, AAAS Fellow, and IEEE Fellow. He was Chair of the Computer Science Department at UCSB from 2007 to 2011. He served as Associate Graduate Dean at the University of California, Santa Barbara from 2021–2023. He has served as a journal editor for several database journals, including The VLDB Journal, IEEE Transactions on Computers and The Computer Journal. He has been Program Chair for multiple database and distributed systems conferences, including most recently SIGMOD 2022. He currently serves on the executive committee of the IEEE Technical Committee on Data Engineering (TCDE) and was a board member of the VLDB Endowment from 2002 to 2008. In 2007, Prof. El Abbadi received the UCSB Senate Outstanding Mentorship Award for his excellence in mentoring graduate students. In 2013, his student, Sudipto Das, received the SIGMOD Jim Gray Doctoral Dissertation Award. Prof. El Abbadi is also a co-recipient of the Test of Time Award at EDBT/ICDT 2015. He has published over 350 articles in databases and distributed systems and has supervised over 40 PhD students.
Time: 17.4.2024 at 16:00 – 17:30 (coffee and buns served from 15:30). The lecture will be approximately 60 minutes, after which there will be time for questions.
Venue: Lumituuli auditorium, Dipoli, Aalto University (Otakaari 24, Espoo).
Registration: The event is open to all and free of charge, but we ask you to register for the event as it helps us to estimate the amount of coffee to order, thank you.
April 27, 2023: Privacy in 5G – Explained at the example of Pretty Good Phone Privacy (PGPP) – with Silke Holtmanns
Lecture description: 5G has learned lessons from previous generations and improved the privacy of a subscriber. Still, it seems that the privacy is not perfect, and there are offerings like Pretty Good Phone Privacy (PGPP) that promise an even better privacy. As a consumer, the question arises: how good is 5G privacy and what are the real privacy risks? If I take PGPP, is my privacy really better, and what are the potential side effects? In this talk, we will focus on location privacy, its improvements, but also the weak practical issues that come when 5G networks are deployed.
This HAIC Talk was not recorded but you can find the presentation slides here: Privacy in 5G – Explained at the example of Pretty Good Phone Privacy (PGPP) – with Silke Holtmanns
About the speaker: Silke has 23 years of telecommunication security experience. She worked for Ericsson, Nokia, AdaptiveMobile Security, ENEA and is now with the PwC Finland 5G Security Team. She holds a PhD in Mathematics and is a Certified Information System and Cloud Security Professional (CISSP and CCSP). The technology evolved and Silke is securing that path from mobile payments, WAP, 3GPP, GSMA, LTE & 5G, remote provisioning, eSIM, core network, OpenRAN, SMS, interconnection, threat analysis, to cloud & virtualization and security compliance.
Silke has discovered new attacks, e.g., on slicing and location, and has presented at Black Hat and DEF CON.
Silke is a member of the EU ENISA Advisory Group to provide her expertise to secure 5G and critical infrastructure. In her position at PwC she assists vendors, cloud providers, vertical industries and operators.
Silke is deeply into cooking and Taekwondo.
Time: 27.4.2023 at 16:00 – 17:30 (coffee and buns served from 15:30). The lecture will be approximately 60 minutes, after which there will be time for questions.
Venue: T1 auditorium, CS building, Aalto University (Konemiehentie 2, Espoo)
Registration: The event is open to all and free of charge, but we ask you to register for the event as it helps us to estimate the amount of coffee to order, thank you.
December 12, 2022: Unpatched Design Vulnerabilities in Cellular Standards – with Yongdae Kim
Lecture description: In a couple of years, “study items” for the 6G security standard will be set. Security issues not included in these study items are unlikely to be standardized and patched even in 6G. Therefore, before these study items are set, the security research community needs to put in effort to find security vulnerabilities in cellular standards up to 5G. Furthermore, as a community, we need to find solutions to these vulnerabilities that are practical enough to be accepted by the standard bodies. In this talk, I will introduce unpatched design vulnerabilities and attacks in cellular standards up to 5G. I will also talk about potential defense mechanisms and reasons why they have not been accepted in 3GPP so far.
This HAIC Talk was not recorded but you can find the presentation slides here: Unpatched-design-vulnerabilities-in-cellular-standards_YK.
About the speaker: Yongdae Kim is a Professor in the Department of Electrical Engineering and the Graduate School of Information Security and a head of Police Science and Technology Research Center at KAIST. He received a PhD degree from the computer science department at the University of Southern California in 2002. Before joining KAIST in 2012, he was a professor in the Department of Computer Science and Engineering at the University of Minnesota – Twin Cities for 10 years. He served as a KAIST Chair Professor between 2013 and 2016 and a director of Cyber Security Research Center between 2018 and 2020. He is currently serving as a steering committee member of ACM WISEC and served as a general chair for ACM CCS 2021, a program committee chair for ACM WISEC 2022, an associate editor for ACM TOPS, and a steering committee member of NDSS. His main research interest is finding and fixing novel vulnerabilities for emerging technologies such as drones, self-driving cars, and cellular networks.
Time: 12.12.2022 at 16:00 – 17:30 (coffee and buns served from 15:30). The lecture will be approximately 60 minutes, after which there will be time for questions.
Venue: Lumituuli, Dipoli, Aalto University (Otakaari 24, Espoo)
Registration: The event is open to all and free of charge, but we ask you to register for the event as it helps us to estimate the amount of coffee to order, thank you.
October 31, 2022: Current State of Applied Cryptography – Attacks, Standardization, Government Requirements, and Best Practices – with John Mattsson
Lecture description: Applied cryptography has been a very active area in the last 10 years since the Snowden revelations. From being used selectively, cryptography is now used everywhere for both security and privacy. To prevent pervasive monitoring, mandatory-to-use encryption, identity protection, and perfect forward secrecy are now seen as requirements. The increased use of crypto has put new requirements on performance, and old standards with questionable security have been replaced with new high-performance algorithms with improved side-channel protection. Current activities include aligning with zero trust principles and making systems resistant to attacks from quantum computers. This talk will explain how and why applied cryptography has evolved in recent years and how it will change with the introduction of post-quantum algorithms and key encapsulation mechanisms.
This HAIC Talk was not recorded but you can find the presentation slides here: Current State of Applied Cryptography – Attacks, Standardization, Government Requirements, and Best Practices – with John Mattsson
About the speaker: John is an expert in cryptographic algorithms and security protocols at Ericsson Research. His work focuses on applied cryptography, security protocols, privacy, IoT security, post-quantum cryptography, and trade compliance. During his 15 years at Ericsson, he has worked with a lot of different technology areas and been active in many security standardization organizations including IETF, IRTF, 3GPP, GSMA, and NIST where he has significantly influenced Internet and cellular security standards. In addition to designing new protocols, John has also found significant attacks on many algorithms and protocols including Polar Bear, GCM, SRTP, CoAP, and SCTP. John holds an M.Sc. in engineering physics from KTH Royal Institute of Technology, Sweden, and an M.Sc. in business administration and economics from Stockholm University.
Time: 31.10.2022 at 16:00 – 17:30 (coffee and buns served from 15:30). The lecture will be approximately 45 minutes, after which there will be time for questions.
Venue: Lumituuli, Dipoli, Aalto University (Otakaari 24, Espoo)
Registration: The event is open to all and free of charge, but we ask you to register for the event as it helps us to estimate the amount of coffee to order, thank you.
May 24, 2022: How Will QUIC Change Internet Communication? – with Lars Eggert
Lecture description: QUIC is a new UDP-based transport protocol for the Internet, and specifically, the web. Originally designed and deployed by Google, it already makes up 35% of Google’s egress traffic, which corresponds to about 7% of all Internet traffic. The strong interest by many other large Internet players in the ongoing IETF standardization of QUIC is likely to lead to an even greater deployment in the near future.
This talk will first present what QUIC is, the unique design aspects of the protocol, and how it is different from the conventional HTTP/TLS/TCP web stack. It will then discuss the performance of QUIC on the Internet and the potential impact of the protocol once it is widely deployed.
About the speaker: Lars is an experienced technology leader with deep expertise in distributed systems, network architectures and protocol design, ranging from the Internet to datacenter to IoT/edge environments. He drives NetApp’s networking strategy through academic collaborations with top universities and open source collaborations.
Lars has been leading Internet standardization for two decades as a member of the IETF’s steering group and architecture board, and he currently chairs the IETF. In the past, he chaired the IETF’s research arm, the IRTF, and the IETF’s QUIC working group. He also serves on the program and organization committees of academic conferences such as ACM SIGCOMM and USENIX NSDI, as well as numerous other boards.
Lars received his Ph.D. in Computer Science from the University of Southern California (USC) in 2003. Before joining NetApp in 2011, he was a Principal Scientist at Nokia and served on the corporation’s CTO and CEO Technology Councils. In parallel, from 2009-2014, Lars was an Adjunct Professor at Aalto University. From 2003-2006, he was a senior researcher at NEC Labs.
Time: 24.5.2022 at 12:30-12:30. The lecture will be approximately 45 minutes, after which there will be time for questions.
Venue: T1 lecture hall (2nd floor), CS-building, Konemiehentie 2, 02150 Espoo.
Registration: Please register for our event so that we don’t run out of coffee and buns!
This HAIC Talk is part of the Secure Systems Demo Day 2022. After the talk there will be other posters and demonstrations of the research group’s recent results. Demo Day 2022 is open to everyone and free of charge.
May 23, 2022: Attacking the Brain: Security and Privacy Case Studies in Online Advertising, Misinformation, and Augmented Reality – with Franziska Roesner
Lecture description: People who use modern technologies are inundated with content and information from many sources, including advertisements on the web, posts on social media, and (looking to the future) content in augmented or virtual reality. While these technologies are transforming our lives and communications in many positive ways, they also come with serious risks to users’ security, privacy, and the trustworthiness of content they see: the online advertising ecosystem tracks individual users and may serve misleading or deceptive ads, social media feeds are full of potential mis/disinformation, and emerging augmented reality technologies can directly modify users’ perceptions of the physical world in undesirable ways. In this talk, I will discuss several lines of research from our lab that explore these issues from a broad computer security and privacy perspective, leveraging methodologies ranging from qualitative user studies to systematic measurement studies to system design and evaluation. What unites these efforts is a key question: how are our brains “under attack” in today’s and tomorrow’s information environments, and how can we design platforms and ecosystems more robust to these risks?
About the speaker: Franziska (Franzi) Roesner is an Associate Professor in the Paul G. Allen School of Computer Science & Engineering at the University of Washington, where she co-directs the Security and Privacy Research Lab. Her research focuses broadly on computer security and privacy for end users of existing and emerging technologies. Her work has studied topics including online tracking and advertising, security and privacy for sensitive user groups, security and privacy in emerging augmented reality (AR) and IoT platforms, and online mis/disinformation. She is the recipient of a Consumer Reports Digital Lab Fellowship, an MIT Technology Review “Innovators Under 35” Award, an Emerging Leader Alumni Award from the University of Texas at Austin, a Google Security and Privacy Research Award, and an NSF CAREER Award. She serves on the USENIX Security and USENIX Enigma Steering Committees. She received her PhD from the University of Washington in 2014 and her BS from UT Austin in 2008. Her website is at https://www.franziroesner.com.
Time: 23.5.2022 at 16:00 – 17:30. The lecture will be approximately 60 minutes, after which there will be time for questions.
Venue: Online
Registration: Please register to receive online meeting information.
Please note that this HAIC talk precedes the Secure Systems Demo Day 2022.
April 27, 2022: Only 3 Left at This Price: Investigating Dark Patterns and Consumer Protections – with Marshini Chetty
Lecture description: Shopping online? Find yourself asking: are there really only 3 items left at this price? In some cases, the answer is that it is a downright lie or at best misleading in nature. Yet, it is not always easy to recognize this kind of content or the effect it has on consumers. In the shopping example, consumers may not realize they are being duped into making purchasing decisions they may not have made if fully informed and presented with accurate information. To keep up with this increasing trend towards intentionally misleading user interface choices, or dark patterns, which steer consumers down certain paths for the gain of the service provider, policy-makers are creating, discussing, and reviewing current regulations for online content. In this talk, I present case studies of dark patterns and the current consumer protections in place to prevent users from being harmed in the US: dark patterns used in shopping websites and in social media account deletion interfaces. I will provide evidence about the prevalence of these issues on the web, how users perceive them, and discuss what kinds of solutions can be put into place to help consumers become aware of and be protected from unfair and unjust practices that rely on misleading premises. To conclude, I will provide suggestions for future work for researchers, policy-makers, and designers who are invested in enhancing online consumer protections.
About the speaker: Marshini Chetty is an assistant professor in the Department of Computer Science at the University of Chicago, where she co-directs the Amyoli Internet Research Lab or AIR lab. She has a Ph.D. in Human-Centered Computing from Georgia Institute of Technology, USA and a Masters and Bachelors in Computer Science from the University of Cape Town, South Africa. In her former lives, Marshini was on the faculty in the Computer Science Department at Princeton University and the College of Information Studies at the University of Maryland, College Park. Her work has won best paper awards at SOUPS, CHI, and CSCW and has been funded by the National Science Foundation, the National Security Agency, Intel, Microsoft, Facebook, and multiple Google Faculty Research Awards.
Prior to this position, Marshini was research faculty in the Department of Computer Science at Princeton University where she founded and directed the Princeton Human Computer Interaction Laboratory. Before working at Princeton, Marshini was an assistant professor at the College of Information Studies at the University of Maryland, College Park where she directed the NetCHI laboratory. In the past, Marshini also completed two post-doctoral research fellowships at ResearchICTAfrica in Cape Town, South Africa and with Prof. W. Keith Edwards at the College of Computing at Georgia Institute of Technology. Marshini received her Ph.D. in Human-Centered Computing from Georgia Institute of Technology where she was advised by Prof. Rebecca E. Grinter. She started her journey in the USA after she completed her MSc., BSc.(Hons), and BSc. in Computer Science at the University of Cape Town, South Africa (her beautiful home country).
Time: 27.4.2022 at 16:00 – 17:30. The lecture will be approximately 60 minutes, after which there will be time for questions.
Venue: Online
Registration: Please register to receive online meeting information.
May 19, 2021: Internet of Things (IoT) Security: from specification to code – with Hannes Tschofenig
Description: During the last 10 years, security researchers and standards experts have been working on specifications to ensure that state-of-the-art cryptography can be used on low-end IoT devices. Most of those standards efforts have either been completed or are in the final stages. At the same time, industry groups and governmental agencies have written IoT security guidelines offering valuable suggestions for developers to design more secure IoT products. There is even IoT security regulation asking for state-of-the-art crypto, the use of standards, and a ban on passwords.
What challenges do developers face designing IoT products? Can they use open source software implementations and follow IoT security guidelines? In this talk Hannes Tschofenig will make an attempt to answer this question.
About the speaker: Hannes Tschofenig is employed by Arm; prior employers include the European Data Protection Supervisor, Nokia Siemens Networks, and Siemens. His work life focused on developing global standards to make the Internet more secure. He has been active in the IETF for the past 15 years and contributed to more than 80 RFCs on security, privacy and various Internet protocols. Hannes co-chaired several IETF working groups, including OAuth, ACE, KEYPROV, DIME, and ECRIT. From 2010 to 2014 Hannes was a member of the Internet Architecture Board (IAB), a committee of the IETF. Currently, he is a board member and chair of the Device Management and Service Enablement working group of OMA SpecWorks.
Venue: Online
Time: 16:00-17:30. The lecture will be approximately 60 minutes, after which there will be time for questions.
Registration: Registration is closed.
February 10, 2021: Human Factors in Secure Development – How we can help developers write secure code – with Yasemin Acar
Description: We are seeing a persistent gap between the theoretical security of e.g. cryptographic algorithms and real-world vulnerabilities, data breaches and possible attacks. Software developers – despite being computer experts – are rarely security experts, and security and privacy are usually, at best, of secondary importance for them. They may not have training in security and privacy or even be aware of the possible implications, and they may be unable to allocate time or effort to ensure that security and privacy best practices and design principles are upheld for their end-users. Understanding their education and mindsets, their processes, the tools that they use, and their pitfalls is the foundation for shifting development practices to be more secure. This talk will give an overview of security challenges for developers, and research avenues to address these.
About the speaker: Yasemin Acar is a Research Group Leader at MPI-SP, where she focuses on human factors in computer security. Her research centers humans, their comprehension, behaviors, wishes and needs. She aims to better understand how software can enhance users’ lives without putting their data at risk. Her recent focus has been on human factors in secure development, investigating how to help software developers implement secure software development practices. Her research has shown that working with developers on these issues can resolve problems before they ever affect end users. She was a visiting scholar at the National Institute for Standards and Technology in 2019, where she researched how users of smart homes want to have their security and privacy protected. She received the John Karat Usable Security and Privacy student Research Award for the community’s outstanding student in 2018. Her work has also been honored by the National Security Agency in their best cybersecurity paper competition 2016.
Venue: Online
Time: 16:00-17:30. The lecture will be approximately 60 minutes, after which there will be time for questions.
Registration: Registration is closed.
October 29, 2020: Learning from the People: From Normative to Descriptive Solutions to Problems in Security, Privacy & Machine Learning – with Elissa Redmiles
Description: A variety of experts — computer scientists, policy makers, judges — constantly make decisions about best practices for computational systems. They decide which features are fair to use in a machine learning classifier predicting whether someone will commit a crime, and which security behaviors to recommend and require from end-users. Yet, the best decision is not always clear. Studies have shown that experts often disagree with each other, and, perhaps more importantly, with the people for whom they are making these decisions: the users.
This raises a question: Is it possible to learn best-practices directly from the users? The field of moral philosophy suggests yes, through the process of descriptive decision-making, in which we observe people’s preferences from which to infer best practice rather than using experts’ normative (prescriptive) determinations of best practice. In this talk, I will explore the benefits and challenges of applying such a descriptive approach to making computationally-relevant decisions regarding: (i) optimizing security prompts for an online system; (ii) determining which features are fair to include in a classifier and which decision makers should evaluate fairness; (iii) defining standards for ethical virtual reality content.
You can find presentation slides here: Learning from the People: From Normative to Descriptive Solutions to Problems in Security, Privacy & Machine Learning
About the speaker: Elissa M. Redmiles is a Faculty Member and Research Group Leader of the Digital Harm group at the Max Planck Institute for Software Systems. She additionally serves as a consultant and researcher at multiple institutions, including Microsoft Research and Facebook. Dr. Redmiles uses computational, economic, and social science methods to understand users’ security, privacy, and online safety-related decision-making processes. Much of her work focuses specifically on investigating inequalities that arise in these decision-making processes and mitigating those inequalities through the design of systems that facilitate safety equitably across users. Dr. Redmiles’ work has been featured in popular press publications such as Scientific American, Wired, Business Insider, Newsweek, Schneier on Security, and CNET and has been recognized with multiple Distinguished Paper Awards at USENIX Security as well as the John Karat Usable Privacy and Security Research Award. Dr. Redmiles received her B.S. (Cum Laude), M.S., and Ph.D. in Computer Science from the University of Maryland. As a graduate student, she was supported by an NSF Graduate Research Fellowship, a National Defense Science and Engineering Graduate Fellowship, and a Facebook Fellowship.
Venue: Online
Time: 17:30 – 18:30. The lecture will be approximately 45 minutes, after which there will be time for questions.
Registration: Registration is closed.
This talk is part of the Secure Systems Demo Day 2020 program. With registration you get participation links to both online events. The Secure Systems Demo Day is an annual meet-up for researchers in academia and industry and gives an overview of the current information security research going on in Finland’s capital area.
October 6, 2020: 5th Generation Crime-fighting in Cyberspace: Lawful Intercept in 5G Networks – with Mats Näslund
Description: Our societies have been prospering, much due to huge technological advances over the last 100 years. Unfortunately, criminal activity has in many cases also been able to draw benefits from these advances. Communication technologies, such as the Internet and mobile phones, are today “tools-of-the-trade” that are used to plan, execute, and even hide crimes such as fraud, espionage, terrorism, child abuse, to mention just a few. Almost all countries have regulated how law enforcement, in order to prevent or investigate serious crime, can sometimes get access to meta data and communication content of service providers, data which normally is protected as personal/private information. The commonly used term for this is Lawful Interception (LI). For mobile networks LI is, from a technical standpoint, carried out according to ETSI and 3GPP standards. In this talk, the focus will lie on the technical LI architecture for 5G networks. We will also give some background, describing the general, high-level legal aspects of LI, as well as some current and future technical challenges.
You can find presentation slides here: 5th Generation Crime-fighting in Cyberspace: Lawful Intercept in 5G Networks
About the speaker: Mats Näslund has an MSc in Computer Science (1993) and a PhD in cryptography (1998), both from KTH, Stockholm. From 1999 to 2017, he worked with most aspects of network and information security, including standardization contributions in IETF and 3GPP, as part of his employment with Ericsson Research. In 2009, he was appointed Inventor of the Year at Ericsson, and is (co-)inventor of over 100 patent families. As of 2017, he works as a cryptologist at the National Defence Radio Establishment outside Stockholm, an agency under the Swedish dept. of defence. As part of his work, he represents Sweden in technical LI standardization in 3GPP. Mats also has a part time appointment as adjunct professor at KTH.
Venue: online
Time: 17:00 – 18:30. The lecture will be approximately 60 minutes, after which there will be time for questions.
Registration: Registration is closed.
February 4, 2020: The Impact of the EU’s GDPR on Northern American Companies and Cross-Border Data Management – with Jordan Fischer
Description: In the last two years, new data protection regulations have gone into effect in a number of different regions, with the European Union’s General Data Protection Regulation garnering the most attention, both within Europe and in North America. For North American companies, the GDPR has heightened the data protection conversation to the executive level. Many companies in the US operated with little to no restrictions regarding data protection, but are now finding themselves brought under the GDPR requirements. Further, individual US states are moving more towards providing similar data protections as the GDPR: California being the most prominent.
This talk will focus on the role of the GDPR and EU data privacy regulations generally in driving the privacy conversation within North America. The varying regulatory requirements are converging when organizations exchange, transfer and process personal information across borders and, as such, forcing companies to take key steps to efficiently and securely implement data management practices.
This HAIC Talk was not recorded but you can find the presentation slides here: The Impact of the EU’s GDPR on Northern American Companies and Cross-Border Data Management
About the speaker: Jordan Fischer focuses her research on data privacy and cybersecurity, bringing an interdisciplinary approach to her teaching. Professor Fischer explores the convergence of the law and technology, researching the practical implications of regional data protection regulations within a backdrop of the global economy. Professor Fischer applies her practical experience working with multinational companies to better understand the evolution of security and privacy within changing regulatory and legal frameworks to balance consumer and end-user rights with enterprise innovation and business efficiencies.
After receiving her JD summa cum laude from the Kline School of Law in 2013, Professor Fischer clerked at the Court of Justice of the European Union in Luxembourg City, Luxembourg for Koen Lenaerts, who is now the president-judge of the court. Professor Fischer joined the Kline School of Law faculty in 2015, teaching European Union law courses.
In addition to teaching, Professor Fischer is a co-founder and managing partner at XPAN Law Group, LLC, a certified Women’s Business Enterprise by the Women’s Business Enterprise National Council and a certified Women Owned Small Business. At XPAN, she focuses her practice on international data privacy and cybersecurity and cross-border data management, with an emphasis in European Union data privacy regulations and the General Data Protection Regulation. Professor Fischer’s background in business and international data protection regulation enables her to provide critical legal guidance to balance business growth and development with data management, network assessments and best practices in cybersecurity. She also counsels clients on cross-border data management, including the complexities of discovery in international litigation.
Professor Fischer is a visiting scholar in the SECCLO programme.
Venue: Lumituuli auditorium, Dipoli, Otakaari 24, 02150 Espoo.
Time: 16:30 – 18:00 (coffee and buns served from 16:00). The lecture will be approximately 45 minutes, after which there will be time for questions.
Registration: HAIC Talks are open to everyone and free of charge but we ask you to register for the event as it helps us to estimate the number of coffees ordered, thank you.
November 1, 2019: Post-quantum Cryptography – with Kenneth Paterson
Description: Quantum computing represents a new computing paradigm that directly exploits the laws of physics to perform “interesting” computations. In particular, if someone could build a sufficiently large quantum computer and run Shor’s algorithm on it, then they would be capable of breaking almost all currently deployed public key cryptographic algorithms. In this talk, I’ll explain the nature of this threat, and how the cryptographic research community, the tech industry, and governments are responding to it.
This HAIC Talk was not recorded but you can find the presentation slides here: Post-quantum Cryptography
About the speaker:
Kenny obtained a B.Sc. from the University of Glasgow and a Ph.D. from the University of London, both in Mathematics. He was then a Royal Society Fellow at the Institute for Signal and Information Processing in the Department of Electronic Engineering at ETH Zurich. After that, he was a Lloyd’s of London Foundation Research Fellow at Royal Holloway, University of London. Most recently, Kenny joined ETH Zurich as a Professor of Computer Science in April 2019.
Kenny’s research over the last two decades has mostly been in the area of Cryptography, with a strong emphasis being on the analysis of deployed cryptographic systems and the development of provably secure solutions to real-world cryptographic problems. He co-founded the Real World Cryptography series of workshops to support the development of this broad area and to strengthen the links between academia and industry. He is co-chair of the IRTF’s research group on Cryptography, CFRG. This group is working to provide expert advice to the IETF in an effort to strengthen the Internet’s core security protocols. His research on the security of TLS (the Lucky 13 attack on CBC-mode encryption in TLS and attacks on RC4) received significant media attention, helped to drive the widespread adoption of TLS 1.2 with its support for modern encryption schemes, and was an important factor in the TLS Working Group’s decision to abandon legacy encryption mechanisms in TLS 1.3.
Venue: Lumituuli auditorium, Dipoli, Otakaari 24, 02150 Espoo.
Time: 16:30 – 18:00 (coffee and buns served from 16:00). The lecture will be approximately 45 minutes, after which there will be time for questions.
Registration: HAIC Talks are open to everyone and free of charge but we ask you to register for the event as it helps us to estimate the number of coffees ordered, thank you.
October 4, 2019: Science of Security: Authentication and Predictive Logical Models – with Janne Lindqvist
Description: Can we trust the results of security research? Are most published research findings false? How can we improve security research? We will discuss these topics in the context of our recent work. We will show flaws in reporting that we discovered in top security research venues. We will discuss how to avoid these kinds of flaws and how to improve your general understanding of security research. We will also discuss why security research needs predictive logical models.
More information available at http://scienceofsecurity.science and in our recent publications “Robust Performance Metrics for Authentication Systems” (NDSS’19), “Forgetting of Passwords: Ecological Theory and Data” (USENIX Security’18) and “Recruit Until It Fails: Exploring Performance Limits for Identification Systems” (IMWUT/UbiComp’19).
This HAIC Talk was not recorded but you can find the presentation slides here: Science of Security
About the speaker: Janne Lindqvist is the recipient of the NSF CAREER award, which is NSF’s most prestigious award in support of early-career faculty. He is an associate professor of electrical and computer engineering at Rutgers University and an associate professor of computer science at Aalto University. Janne directs the Rutgers Human-Computer Interaction and Security Engineering Lab. His work has received sustained attention in the global media with over 1000 mentions including Scientific American, IEEE Spectrum, MIT Technology Review, NPR, International Business Times, ABC News, CBS News, Fox News, Fortune, Computerworld, Der Spiegel, London Times, New Scientist, PBS, Slashdot, The Register, Wired (UK), Tietoviikko, Tekniikka ja Talous. Janne’s awards include the Best Paper Award from MobiCom’12, the Best Paper Nominee Award from UbiComp’14, and Sustainable Jersey Creation & Innovation Award 2014. You can find more about his group’s work at https://www.lindqvistlab.org.
Venue: TU2 auditorium in TUAS building, Maarintie 8, 02150 Espoo.
Time: 17:00 – 18:30 (coffee and buns served from 16:30). The lecture will be approximately 45 minutes, after which there will be time for questions.
Registration: HAIC Talks are open to everyone and free of charge but we ask you to register for the event as it helps us to estimate the number of coffees ordered, thank you.
March 1, 2019: 5G Security – the What, Why and How – with Alf Zugenmaier
Description: Standardization of the first phase of the next generation of cellular networks has almost concluded now, and the roll out of these 5G networks is coming soon. This talk will focus on the security of 3GPP 5G network standards. It will give an understanding of how standardization works, what was standardized for security and try to shed some light on why some things are the way they are.
This HAIC Talk was not recorded but you can find the presentation slides here: 5G Security
About the speaker: Alf Zugenmaier is professor for mobile networks and security at the university of applied sciences in Munich, Germany. He has been active in standardization within the 3GPP security standardization group since 2008, working on security standards for 4G and later 5G. Prior to becoming a professor, he worked at DOCOMO Euro-Labs in Munich, Germany, on secure mobility. Before that he was a postdoc at Microsoft Research in Cambridge, UK. He holds a PhD in Computer Science and a Diplom in Physics, both from University of Freiburg. His research interests are in network and systems security and privacy.
Venue: Lumituuli Auditorium, Dipoli, Otakaari 24, 02150 Espoo.
Time: 17:00 – 18:30 (coffee and buns served from 16:15). The lecture will be approximately 45 minutes, after which there will be time for questions.
Registration: HAIC Talks are open to everyone and free of charge but we ask you to register for the event as it helps us to estimate the number of coffees ordered, thank you.
February 6, 2019: Bitcoin, Blockchains and Smart Contracts: Understanding the Crypto in Cryptocurrencies – with Colin Boyd
Description: Cryptocurrencies and blockchains are the most widely publicized applications of cryptography today. Using the example of Bitcoin, we will aim to understand the cryptographic building blocks of cryptocurrencies and how they fit together to enable a distributed payment system. We will then explore why newer cryptocurrencies built on Bitcoin employ more advanced cryptography. In particular we will examine the contentious issue of anonymous payments. Finally we will discuss the concept of smart contracts, how they can be achieved using blockchains, and what kinds of applications they may be useful for.
This HAIC Talk was not recorded but you can find the presentation slides here.
About the speaker: Colin Boyd completed a Ph.D. in Mathematics in 1985 from the University of Warwick, UK. After 5 years at British Telecom Research Laboratories, where he first became interested in cryptography and information security, he started an academic career at University of Manchester. In 1995 he emigrated to Australia and spent 18 years at Queensland University of Technology (QUT). During this time he became Research Director at the QUT Information Security Institute. In 2013 he returned to Europe, taking up a position as Professor in Information Security at the Norwegian University of Science and Technology (NTNU). His main research interests are in cryptographic protocols, including key exchange, payment systems and voting.
Venue: Lumituuli Auditorium, Dipoli, Otakaari 24, 02150 Espoo.
Time: 17:30 – 18:30 (coffee and buns served from 17:00). The lecture will be approximately 45 minutes, after which there will be time for questions.
Registration: HAIC Talks are open to everyone and free of charge but we ask you to register for the event as it helps us to estimate the number of coffees ordered, thank you.
November 2, 2018: Cybercrime in the Sky – with Alice Hutchings
Description: Every day, hundreds of people fly on airline tickets that have been obtained fraudulently, and much of this is facilitated by cybercrime. I will use this example to explore cybercrime in more depth, and understand its real-world impacts. I will explore the trade in these tickets, drawing on interviews with industry and law enforcement, and an analysis of an online blackmarket. Tickets are purchased by complicit travellers or resellers from the online blackmarket. Victim travellers obtain tickets from fake travel agencies or malicious insiders. Compromised credit cards used to be the main method to purchase tickets illegitimately. However, as fraud detection systems improved, offenders displaced to other methods, including compromised loyalty point accounts, phishing, and compromised business accounts. In addition to complicit and victim travellers, fraudulently obtained tickets are used for transporting mules, and for trafficking and smuggling. I will identify the difficulties faced by law enforcement with identifying those who are complicit in this trade. I will also outline potential interventions, aimed at the act, the actor, and the marketplace, with the goal of preventing and disrupting this crime type.
About the speaker: Alice Hutchings is a University Lecturer in the Security Group at the Computer Laboratory, University of Cambridge. She is also part of the Cambridge Cybercrime Centre, an interdisciplinary initiative combining expertise from computer science, criminology, and law. Specialising in cybercrime, she bridges the gap between criminology and computer science. Generally, her research interests include understanding cybercrime offenders, cybercrime events, and the prevention and disruption of online crime.
Venue: Lumituuli Auditorium, Dipoli, Otakaari 24, 02150 Espoo.
Time: 17:00 – 18:30 (coffee and buns served from 16:30). The lecture will be approximately 45 minutes, after which there will be time for questions.
Registration: HAIC Talks are open to everyone and free of charge but we ask you to register for the event.
October 9, 2018: Hard Problems for Cryptography: From Factoring to Sudoku – with Chris Brzuska
Recording of Chris Brzuska’s HAIC Talk:
Description: Cryptographers use hard problems to construct unbreakable encryption schemes, pseudorandom number generators and more. A typical example is the factoring of large numbers, i.e., we learn in primary school how to multiply numbers, but given a large number, even supercomputers struggle to take it apart into its prime factors.
In the talk, we will see the diversity of hard problems that are candidates for secure cryptography, ranging from factoring to sudoku.
Recording of Chris Brzuska’s HAIC Talk’s questions & answers part:
About the speaker: Christopher Brzuska is a faculty member at the departments of computer science and mathematics and systems analysis at Aalto University. His research area is cryptography and his activities range from investigating secure payment to generating numbers that look random although they are actually not.
Brzuska studied mathematics in Duisburg-Essen, Bordeaux and Darmstadt, holds a PhD from the computer science department at TU Darmstadt and worked as a post-doctoral researcher at Tel-Aviv University and Microsoft Research Cambridge. He was an assistant professor for IT Security Analysis at TU Hamburg where he closely collaborated with NXP Semiconductors.
Venue: Lumituuli Auditorium, Dipoli, Otakaari 24, 02150 Espoo.
Time: 17:45 – 19:15 (doors open at 17:30). The lecture will be approximately 45 minutes, after which there will be time for questions.
Registration: HAIC Talks are open to everyone and free of charge but we ask you to register for the event.
June 20, 2018: Science of Security—Theory vs. Measuring the Observable World – with Paul van Oorschot
Recording of Paul van Oorschot’s HAIC Talk:
Lecture description: Recent years have seen increasing calls to make security research more “scientific”. Who can argue with science being desirable? But what exactly do people mean when they suggest this, and what are they really seeking? What would a “Science of Security” look like? We consider these questions, in the context of historical science and more recent security research, offer observations and insights, and suggest where things might be improved.
About the speaker: Paul Van Oorschot is a Professor of Computer Science at Carleton University in Ottawa, where he has been Canada Research Chair since 2002, following 14 years in industry at Bell-Northern Research and related companies. He is an ACM Fellow and a Fellow of the Royal Society of Canada. He was Program Chair of USENIX Security 2008 and NDSS 2001-2002, and co-author of the Handbook of Applied Cryptography (1996). He has served on the editorial boards of IEEE TDSC, IEEE TIFS, and ACM TISSEC. His research interests include authentication and identity management, computer security, Internet security, security and usability, software security, and applied cryptography.
Venue: T1 lecture hall (2nd floor), CS-building, Konemiehentie 2, 02150 Espoo.
Time: 12:00-13:30. The lecture will be approximately one hour, after which there will be time for questions.
This HAIC Talk will open the Secure Systems Demo Day 2018. After the talk there will be other presentations, posters, and demonstrations of the research group’s recent results. Demo Day 2018 is open to everyone and free of charge. More information about the event and registration on Secure Systems Group web page.
June 19, 2018: The Advertisement Exchange: How to Develop Agile Cryptographic Support for an Evolving Ecosystem? – with Moti Yung
Recording of Moti Yung’s HAIC Talk:
Lecture description: Developing of Systems within a global infrastructure (or a cloud) has to take into account that the underlying system will evolve, new versions of software will develop, and if the system is successful then further services will be added. The development of security tools to such systems has to consider agility and scale-up of the initial design and adaptation to the evolving nature of the system. In fact, we argue that this is a basic principle in deployment of security solutions in modern global ecosystems. For example, cryptographic solutions have to be designed with extended scope in mind and with enough flexibility to allow the growing system to be able to exploit the existing cryptographic tools and methods (since a drastic change may be overly complex and will result in much development overhead). We demonstrate this “agility principle” by reviewing the development of cryptographic solution to Google’s global Advertisement Exchange (ADX), which is the system managing auctions for placing banner ads throughout the Internet.
Recording of Moti Yung’s HAIC Talk’s questions & answers part:
About the speaker: Moti Yung is a Security and Privacy Scientist with a main interest in Cryptography: its Theory and its Real life Applications. He graduated from Columbia University in 1988 and is an adjunct senior research faculty at Columbia till today. In parallel he has had an industrial research career working at places like IBM, RSA Labs. (EMC), Google, and Snap. Yung is a fellow of ACM, of IEEE, of the International Association for Cryptologic Research (IACR) and the European Association for Theoretical Computer Science (EATCS). Among his awards are ACM’s SIGSAC Outstanding Innovation Award in 2014, and 2018 IEEE Computer Society W. Wallace McDowell Award. His research covers broad areas: from the theory and foundations, to applied systems, and actual engineering efforts of cryptography and secure systems.
Venue: Lumituuli Auditorium, Dipoli, Otakaari 24, 02150, Espoo.
Time: 18:00 – 19:30 (doors open at 17:30). The lecture will be approximately 60 minutes, after which there will be time for questions.
Registration: HAIC Talks are open to everyone and free of charge but we ask you to register for the event.
February 22, 2018: Recent Trends in Cybercrime – with Yves Vandermeer
Recording of Yves Vandermeer’s HAIC Talk:
Lecture description: Cybersecurity is a trending topic nowadays, but what about Cyber crime, Dark markets, and Crypto currencies? Who are the cyber criminals, how are they organised, what tools do they use, and how do they choose their victims? Are we all targeted or are some of us more vulnerable? And finally, what is being done by law enforcement?
Recording of Yves Vandermeer’s HAIC Talk’s questions & answers part:
About the speaker: Yves Vandermeer holds an MSc in Computer Forensics, and has 20 years’ experience in law enforcement as a computer crime and computer forensics practitioner. Since 2017, he has been working for the Norwegian Police University College where he carries out research on file systems forensics, live data and network forensics. His focus is on delivering knowledge and tools to law enforcement practitioners and improving computer crime fighting and computer forensics handling. As chairman of the European Cybercrime Training and Education Group, Yves promotes cooperation between Academic and LEA worlds, bringing topic experts together to raise expertise and address identified cyber training needs.
Venue: Lumituuli Auditorium, Dipoli, Otakaari 24, 02150, Espoo.
Time: 18:00 – 19:30 (doors open at 17:30). The lecture will be approximately 45 minutes, after which there will be time for questions.
Press: Yves Vandermeer was also interviewed by Helsingin Sanomat (only in Finnish): https://www.hs.fi/teknologia/art-2000005582017.html
February 22: Introduction of HAIC Talks:
Recording of HAIC Talks introduction by N. Asokan and Andrew Paverd:
For further information, please contact:
Dr Mohit Sethi
Deputy Director of HAIC, Head of HAIC public outreach program
mohit.sethi@aalto.fi