PhD Research
The PhD research projects in the field of cyber security at the University of Tartu:
Ongoing
- Arnis Paršovs - Security of Estonian Electronic Identity Card, sup.: Dominique Unruh, Jan Villemson
- Ivo Kubjas - Algebraic approaches to problems arising in decentralized systems, sup.: Vitaly Skachek
- Jake Tom - Business Processes and Privacy, sup.: Raimundas Matulevičius, Peeter Laud
- Mubashar Iqbal - A Reference Model for Security Risk Management of the Blockchain-based Applications, sup.: Raimundas Matulevičius
- Pille Pullonen - Approachable proofs for secure multiparty computation, sup.: Dan Bogdanov, Sven Laur
- Raul-Martin Rebane - Cryptanalysis of Post-Quantum Algorithms, sup.: Dominique Unruh, Jan Villemson
- Tore Vincent Carstens - Verification of Postquantum Cryptography, sup.: Dominique Unruh
Defended
- Toomas Trips - Improving performance of secure real-number operations. Tartu, 2019, sup.: Jan Villemson, Dominique Unruh (more info)
- Ehsan Ebrahimi - Post-Quantum Security in the Presence of Superposition Queries. Tartu, 2019, sup.: Dominique Unruh (more info)
- Alisa Pankova - Efficient multiparty computation secure against covert and active adversaries. Tartu, 2017, sup.: Peeter Laud, Sven Laur (more info)
- Jaak Randmets - Programming Languages for Secure Multi-party Computation Application Development. Tartu, 2017, sup.: Peeter Laud, Varmo Vene (more info)
- Prastudy Mungkas Fauzi - Efficient Non-Interactive Zero-Knowledge Protocols in the CRS Model. Tartu, 2017, sup.: Helger Lipmaa (more info)
- Riivo Talviste - Applying Secure Multi-Party Computation in Practice. Tartu, 2016, sup.: Sven Laur, Dan Bogdanov (more info)
- Liina Kamm - Privacy-preserving statistical analysis using secure multi-party computation. Tartu, 2015, sup.: Sven Laur (more info)
- Naved Ahmed - Deriving Security Requirements from Business Process Models. Tartu, 2014, sup.: Raimundas Matulevičius, Marlon Dumas (more info)
- Dan Bogdanov - Sharemind: Programmable Secure Computations with Practical Applications. Tartu, 2013, sup.: Sven Laur (more info)
- Bingsheng Zhang - Efficient Cryptographic Protocols for Secure and Private Remote Databases. Tartu, 2011, sup.: Helger Lipmaa, Peeter Laud (more info)
- Margus Niitsoo - Black-box Oracle Separation Techniques with Applications in Time-stamping. Tartu, 2011, sup.: Ahto Buldas (more info)
Descriptions of Ongoing PhD Theses
Security of Estonian Electronic Identity Card
Description: The aim of this research is to study the security aspects of the smart card-based electronic identity card, which has been in successful use in Estonia for more than 15 years.
- Publications:
- Danielle Morgan and Arnis Parsovs. Using the Estonian Electronic Identity Card for Authentication to a Machine. In Secure IT Systems: 22nd Nordic Conference, NordSec 2017, Tartu, Estonia, November 2017
- Arnis Parsovs. Practical Issues with TLS Client Certificate Authentication. In Proceedings of the Network and Distributed System Security Symposium (NDSS), San Diego, CA, February 2014
Algebraic approaches to problems arising in decentralized systems
Description: With the advances in cloud storage, an increasing amount of information is being stored off-site and used from several computer terminals. These developments have raised new algorithmic challenges for engineers. One of the tasks that arises in distributed storage systems, when files are stored concurrently, is synchronization. Synchronization can be viewed as a set reconciliation problem with the smallest possible communication complexity. Techniques from the area of network coding can potentially be applied to data processing problems arising in distributed systems (such as the synchronization problem).
- Publications:
- Kubjas, Ivo; Pikma, Tiit; Willemson, Jan (2017). Estonian Voting Verification Mechanism Revisited Again. Electronic Voting. E-Vote-ID 2017: E-Vote-ID 2017, Bregenz, Austria, October 24-27, 2017. Ed. Krimmer, R.; Volkamer, M.; Braun Binder, N.; Kersting, N.; Pereira, O.; Schürmann, C. Springer, 306−317. (Lecture Notes in Computer Science; 10615).
- Kubjas, I.; Skachek, V. (2017). Two-Party Function Computation on the Reconciled Data. 55th Annual Allerton Conference on Communication, Control, and Computing. Monticello, IL, USA: IEEE.
- Kubjas, I.; Skachek, V. (2015). Data Dissemination Problem in Wireless Networks. 53rd Annual Allerton Conference on Communication, Control, and Computing, Allerton, IL, USA. IEEE, 1.
Business Process Privacy Analysis
Description: The aim of this doctoral project is to develop and evaluate techniques for privacy analysis of business processes. The main outcome will be a tool that takes as input process models with privacy metadata, and analyses these process models in order to: (i) detect unintentional disclosures of private information; and (ii) quantify the amount of private information leaked by the outputs of the business process. The tool will generate reports that explain to data owners the maximum extent of possible leakage of private data. The tool will also suggest possible counter-measures to reduce privacy leakages in a business process as well as the specific points in the business process where these counter-measures should be deployed.
- Publications:
- Tom J., Sing E., Matulevičius R., Conceptual Representation of the GDPR: Model and Application Directions, International Conference on Business Informatics Research (BIR 2018), Stockholm, Sweden, Springer, LNBIP, 2018.
- Tom J., Assessing and Improving Compliance to Privacy Regulations in Business Processes. CAiSE 2018, Doctoral consortium, Tallinn 2018
A Reference Model for Security Risk Management of the Blockchain-based Applications
Description: The aim of this doctoral project is to develop and evaluate techniques and approaches for security risk management of blockchain-based applications. The main outcome will be a systematic approach for managing, controlling and comparing the security risks (events and their potential impacts) of blockchain-based applications used in different business domains. The approach will support systematic analysis of the business and system assets and of their security risks, including security events and their impact on the business processes. The approach will also suggest possible countermeasures to reduce security risks in a business process, as well as the specific points in the business process where these countermeasures should be deployed within the blockchain-based applications.
Approachable Proofs for Secure Multiparty Computation
Description: The aim of the thesis is to delve into the universally composable security proofs of secure multiparty computation and to introduce means of simplifying these proofs for certain protocols. Proving universal composability is a complex task, and papers therefore often rely on hand-waving arguments in order to save space and maintain readability. This thesis formalises some of the approaches taken to prove secure multiparty computation protocols, so that the simple arguments can still be used in a paper while resting on well-fixed formal grounds.
- Publications:
- Bogdanov D., Laud P., Laur S., Pullonen P. (2014). From Input Private to Universally Composable Secure Multi-party Computation Primitives. 2014 IEEE 27th Computer Security Foundations Symposium, CSF 2014, Vienna, Austria, July 19-22, 2014. Ed. Datta, Anupam; Fournet, Cedric. IEEE Computer Society, 184−198.
- Pullonen P.; Siim S. (2015). Combining Secret Sharing and Garbled Circuits for Efficient Private IEEE 754 Floating-Point Computations. FC 2015 International Workshops, BITCOIN, WAHC, and Wearable, San Juan, Puerto Rico, January 30, 2015, Revised Selected Papers: Third Workshop on Encrypted Computing and Applied Homomorphic Cryptography, San Juan, Puerto Rico, 30.01.2015. Ed. Brenner, M.; Christin, N.; Johnson, B.; Rohloff, K. Springer, 172−183. (Lecture Notes in Computer Science; 8976).
- Archer D. W.; Bogdanov D.; Pinkas B.; Pullonen P. (2016). Maturity and Performance of Programmable Secure Computation. IEEE Security & Privacy, 14 (5), 48−56. DOI: 10.1109/MSP.2016.97.
- Pullonen P., Matulevičius R., Bogdanov D. (2017). PE-BPMN: Privacy-Enhanced Business Process Model and Notation. International Conference on Business Process Management (BPM 2017), Barcelona. Ed. Carmona J., Engels G., Kumar A. Springer, 40−56. (Lecture Notes in Computer Science; 10445). DOI: 10.1007/978-3-319-65000-5_3.
Cryptanalysis of Post-Quantum Algorithms
Description: Quantum algorithms that pose a significant threat to the current cryptographic infrastructure have been known for decades. While there currently exists no quantum computer large enough to make use of these algorithms, it is possible that such a device could be built within the next twenty or so years. As deploying public key schemes has historically also taken nearly two decades, the National Institute of Standards and Technology (NIST) has held a call for proposals in order to begin the process of standardizing and deploying post-quantum algorithms. The focus of this research is to contribute to this standardization effort by analyzing the algorithms proposed to NIST.
Verification of Postquantum Cryptography
Description: Security proofs in cryptography are very error-prone because of their complexity, and even more so in the case of quantum cryptographic protocols. Machine-aided verification can help to solve this problem and re-establish trust in cryptographic protocols. Existing research in the field (e.g., the tools CryptoVerif, CertiCrypt, EasyCrypt) focuses on classical cryptography. In the quantum setting the situation changes drastically, because the underlying logical foundations have to be completely redeveloped. The focus of this research is to adapt the methodologies from the classical case to the quantum case, and to develop new ones specific to quantum protocols.