Academic Director for Executive Education in IT and Information Security
Managing Partner, ICT Control advisor, Belgium
Past International Vice President of ISACA
Information Security and Risk Governance and Management Frameworks. An Overview of COBIT 5
Date & Time:
Nov. 28, 8:30 am.
No information security professional can ignore the structured approach that COBIT 5 offers for the governance, management, review and improvement of information security and risk in today's organisations.
Professor Ataya will present the major highlights of COBIT 5 and show how managers and technical professionals alike can use it in practice to improve their control over these essential domains.
Academic Director of IT Management Education at Solvay Brussels School of Economics and Management. Professor in the Master in Management, delivering the Enterprise Consulting workshop since 2006 and in charge of IT Governance since 2011.
Managing Partner at ICT Control NV/SA, a Brussels-based consulting and management advisory firm. Clients include various public- and private-sector organisations that rely on ICT Control Advisors to help them create benefits, avoid risks and improve the governance of information technology. Past Chair of the External Relations Committee at ISACA, where he served as International Vice President from 2006 to 2010; co-founder of the Value Governance framework and the VALIT publications; directed the oversight of the International Web project, the revamping of COBIT and, from 2002, the start of the IT Governance Institute's activities.
Georges Ataya previously acted as Partner within Ernst & Young in charge of Technology and security Risk Services and as a Deputy CIO for ITT World Directories.
He has advised private and public organisations in Europe in the domains of governance of enterprise IT, information security management, risk management, value management, enterprise architecture and sourcing management. He participated in the development of frameworks such as COBIT and VALIT, and co-created the body of knowledge first used for the CISM certification.
Georges holds the following certifications: CISSP, CISM, CGEIT, CRISC, CISA. He holds a Master in Computer Science (ULB, 1981) and a Postgraduate in Management (Solvay Brussels School, 1986).
Faculty, IT Security Department
Director, Research and Educational Center for Security Systems
Analysis of GOST 28147-89 Security: Methods and Algorithms
Date & Time:
Nov. 27, 8:30 am.
The talk is devoted to assessing the computational complexity of various attacks on the GOST 28147-89 cryptographic algorithm (commonly known as GOST). The primitives that make up the different cryptanalysis techniques, and the conditions under which they apply, are considered in detail. Results of applying differential, algebraic and linear cryptanalysis to different numbers of rounds are given. Particular attention is paid to the possibility of implementing parallel cryptanalysis algorithms. Since the standard does not fix the contents of the S-boxes, detecting potentially weak S-box layouts is particularly important. The talk summarises several approaches, methods and algorithms that make it possible to find out whether a particular S-box has weaknesses, and concludes with the relevant experimental data.
Prof. Dr. Ludmila Babenko graduated from Taganrog Institute of Radio-Engineering with a major in Computer Engineering. She received her Kandidat Nauk (PhD equivalent) and Doktor Nauk (Habilitation equivalent) degrees in 1978 and 1994 respectively; both dissertations were devoted to multiprocessor computer systems. In 1999 she was appointed full professor. Prof. Babenko has worked at Southern Federal University (SFedU) since 1970, starting as an engineer and being promoted to junior researcher, head of a laboratory, associate professor and full professor. She combines the positions of full professor in the SFedU IT Security Department and director of the Research and Educational Center for Security Systems. Her research interests span cryptographic methods and means for IT security, concurrent and vector computation, and estimating the strength of cryptographic algorithms. Prof. Babenko has authored and co-authored more than 200 research papers and 5 books, and has registered 14 patents and 15 software products. She lectures on "Cryptographic Methods and Means of IT Security" and "Software and Hardware Enhancements of IT Security" and has published over 20 textbooks on these subjects.
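As an added example (not part of the talk or its materials), the following Python code shows the two tables on which the differential and linear checks of a 4-bit S-box rest, and turns them into the red flags an analyst looks for first in a candidate GOST layout: the S-box must be a permutation, no input difference may propagate with probability 1 (a DDT entry of 16), and no combination of output bits may be an affine function of the input (a LAT entry of magnitude 8). The S-box labelled GOST_TEST_S1 is assumed to be the first S-box of the GOST R 34.11-94 test parameter set (id-GostR3411-94-TestParamSet, RFC 4357); the three weak layouts are constructed for the example.

```python
"""Screening GOST 28147-89 S-box layouts for weaknesses (added example).

GOST's eight 4-bit S-boxes are not fixed by the standard, so a candidate
layout is screened with the tables that differential and linear
cryptanalysis rest on: the difference distribution table (DDT) and the
linear approximation table (LAT).
"""
from itertools import product

# Constructed inputs. GOST_TEST_S1 is assumed to be the first S-box of the
# GOST R 34.11-94 test parameter set (id-GostR3411-94-TestParamSet, RFC 4357);
# check it against your own parameter set before relying on it.
GOST_TEST_S1 = [4, 10, 9, 2, 13, 8, 0, 14, 6, 11, 1, 12, 7, 15, 5, 3]
# Deliberately weak layouts, constructed to show what the checks catch.
IDENTITY_SBOX = list(range(16))                       # S(x) = x
AFFINE_SBOX = [x ^ 0b0110 for x in range(16)]         # S(x) = x XOR 6
NON_BIJECTIVE_SBOX = [x & 0b1110 for x in range(16)]  # drops the low bit


def is_bijective(sbox):
    """A GOST S-box must be a permutation of 0..15; otherwise the round loses information."""
    return sorted(sbox) == list(range(16))


def ddt(sbox):
    """DDT[a][b] = number of x with S(x) ^ S(x ^ a) == b."""
    table = [[0] * 16 for _ in range(16)]
    for a, x in product(range(16), repeat=2):
        table[a][sbox[x] ^ sbox[x ^ a]] += 1
    return table


def differential_uniformity(sbox):
    """Largest DDT entry over nonzero input differences.
    16 means a difference propagates with probability 1 (the worst case)."""
    t = ddt(sbox)
    return max(t[a][b] for a in range(1, 16) for b in range(16))


def parity(v):
    return bin(v).count("1") & 1


def lat(sbox):
    """LAT[a][b] = #{x : a.x == b.S(x)} - 8, i.e. 16 times the bias of the
    linear approximation with input mask a and output mask b."""
    table = [[0] * 16 for _ in range(16)]
    for a, b in product(range(16), repeat=2):
        agree = sum(parity(a & x) == parity(b & sbox[x]) for x in range(16))
        table[a][b] = agree - 8
    return table


def max_linear_bias(sbox):
    """Largest |LAT| over nonzero output masks.
    8 means some combination of output bits is an affine function of the input."""
    t = lat(sbox)
    return max(abs(t[a][b]) for a in range(16) for b in range(1, 16))


def screen_sbox(sbox):
    """Summarise the checks; 'weak' is True when any red flag fires."""
    result = {
        "bijective": is_bijective(sbox),
        "differential_uniformity": differential_uniformity(sbox),
        "max_linear_bias": max_linear_bias(sbox),
    }
    result["weak"] = (
        not result["bijective"]
        or result["differential_uniformity"] == 16
        or result["max_linear_bias"] == 8
    )
    return result


if __name__ == "__main__":
    for name, box in [("GOST test S1", GOST_TEST_S1), ("identity", IDENTITY_SBOX),
                      ("affine", AFFINE_SBOX), ("non-bijective", NON_BIJECTIVE_SBOX)]:
        print(f"{name:14s} {screen_sbox(box)}")
```

The flags here are the extreme cases only. In practice the analyst also compares the non-extreme values against the best achievable for 4-bit permutations (differential uniformity 4 and maximum bias 4), and repeats the screening for all eight S-boxes and for the full round function, where the modular key addition and the 11-bit rotation change how S-box properties combine.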
Prof. dr. ir.,
COSIC KU Leuven and iMinds, Belgium.
The SHA-3 Competition: Lessons Learned
Cryptographic hash functions are among the most widely used cryptographic algorithms. While hundreds of designs have been published, until 2004 little theoretical research and cryptanalysis had been performed; moreover, about 80% of the designs were broken. The cryptanalysis of MD4, MD5 and SHA-1 by Wang et al. in 2004 created the so-called hash function crisis and formed an impetus for a large-scale research effort.
In November 2007, the NIST (National Institute of Standards and Technology, US) announced the start of the SHA-3 competition, with as goal to select a new hash function standard. More than 60 designs were submitted from all over the world. In October 2012, the hash function Keccak was announced as the winner.
This talk discusses the state of the art in the theory and practice of hash functions and evaluates the process and outcome of the SHA-3 competition.
Bart Preneel is full professor at KU Leuven, where he heads the COSIC research group of 60 members. He has been visiting professor at five universities in Europe, a research fellow at the University of California at Berkeley and a scientific advisor of Philips Research. He has authored more than 400 scientific publications and is inventor of 4 patents. His main research interests are cryptography, information security and privacy, and he frequently consults on these topics. Bart Preneel has participated in more than 30 international research projects sponsored by the European Commission, for five of them as project manager. He has served as panel member for several research funding agencies, including the European Research Council. He is president of the IACR (International Association for Cryptologic Research) and a member of the Permanent Stakeholders Group of ENISA. He serves on several advisory boards, including those of CASED (Darmstadt), Intrinsic-ID (the Netherlands) and the Royal Holloway Centre for Doctoral Training in Cyber Security Research (UK). He has served as program chair of 15 international conferences and has been invited speaker at more than 80 conferences in 40 countries.
Director, the Cryptography and Information Security Group (CISec)
Sabanci University, Turkey
Attacks on Implementations of Cryptographic Algorithms: Fault and Side-Channel Attacks
Cryptographic algorithms that are considered theoretically secure can be vulnerable to attacks due to flaws in their implementations, in both hardware and software. Fault attacks, side-channel attacks, or a combination of the two have been demonstrated to compromise part or all of the secret key in various algorithms. In this talk these attacks will be explained and countermeasures will be discussed. It will be shown that implementing cryptographic algorithms in the presence of fault and side-channel attacks requires expert knowledge. The nascent field of cryptographic engineering aims to address not only system requirements such as encryption speed but also potential security flaws. It will also be argued that our knowledge of fault and side-channel attacks can improve cryptographic algorithm design as well.
Erkay Savaş received the BS (1990) and MS (1994) degrees in electrical engineering from the Electronics and Communications Engineering Department at Istanbul Technical University. He completed the Ph.D. degree in the Department of Electrical and Computer Engineering (ECE) at Oregon State University in June 2000. He worked for various companies and research institutions before joining Sabanci University as an assistant professor in 2002. He is the director of the Cryptography and Information Security Group (CISec) of Sabanci University. His research interests include cryptography, data and communication security, privacy in biometrics, trusted computing, security and privacy in data mining applications, embedded systems security, and distributed systems. He is a member of the IEEE, the ACM, the IEEE Computer Society, and the International Association for Cryptologic Research (IACR).
Erkay Savaş has published scientific articles in the fields of cryptography, cryptographic engineering and applications of security and cryptography in prestigious international journals and in the proceedings of conferences and workshops, including IEEE Transactions on Computers, IEE Proceedings Computers and Digital Techniques, Data and Knowledge Engineering, and Cryptographic Hardware and Embedded Systems.
He has participated in many nationally funded projects, as well as one EU FP6 project, as principal investigator and researcher. These projects include sensor network security, privacy and security in embedded system design, privacy in biometrics, and privacy in data mining applications. Before his appointment at Sabanci University, he participated in projects funded by the US NSF and by private industry in the USA.
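The classic illustration of "theoretically secure, broken by its implementation" is the Bellcore attack on RSA with CRT: a single computational fault in one of the two half-size exponentiations yields a signature from which the modulus factors by a gcd. The following Python code is an added example, not material from the talk; it uses a constructed textbook-size key (p = 61, q = 53, e = 17) so that the arithmetic is visible, simulates the fault as a single bit flip in the mod-p half, recovers q with Lenstra's one-faulty-signature variant, and shows the simplest countermeasure the talk's theme points to: verify every signature with the public exponent before releasing it.

```python
"""Bellcore-style fault attack on RSA-CRT and the verify-before-release
countermeasure (added example, not from the talk)."""
from math import gcd

# Constructed toy key (textbook RSA sizes, only to keep the numbers readable).
P, Q, E = 61, 53, 17
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent


def crt_sign(m, p, q, d, fault_bit=None):
    """RSA-CRT signature s = m^d mod pq from two half-size exponentiations.
    fault_bit simulates a glitch that flips one bit of the mod-p half before
    recombination; the mod-q half stays correct."""
    dp, dq = d % (p - 1), d % (q - 1)
    qinv = pow(q, -1, p)
    sp = pow(m, dp, p)
    sq = pow(m, dq, q)
    if fault_bit is not None:
        sp ^= 1 << fault_bit          # the injected fault
    h = ((sp - sq) * qinv) % p        # Garner recombination
    return (sq + q * h) % (p * q)


def factor_from_faulty_signature(m, faulty_sig, e, n):
    """Lenstra's variant of the Bellcore attack: the message and one faulty
    signature suffice. s'^e == m still holds mod q (that half was computed
    correctly) but fails mod p, so gcd(s'^e - m, n) is exactly q."""
    return gcd((pow(faulty_sig, e, n) - m) % n, n)


def sign_with_check(m, p, q, d, e, fault_bit=None):
    """Countermeasure: never release a signature that does not verify under
    the public exponent. Returns None when the check trips."""
    n = p * q
    s = crt_sign(m, p, q, d, fault_bit)
    if pow(s, e, n) != m % n:
        return None
    return s


if __name__ == "__main__":
    m = 65
    good = crt_sign(m, P, Q, D)
    bad = crt_sign(m, P, Q, D, fault_bit=0)
    print("correct signature verifies:", pow(good, E, N) == m)
    f = factor_from_faulty_signature(m, bad, E, N)
    print("factor recovered from one faulty signature:", f, "x", N // f)
    print("checked signer releases faulty signature:",
          sign_with_check(m, P, Q, D, E, fault_bit=0))
```

The verification step costs one public-exponent exponentiation per signature, which is cheap for small e, but it is not a complete defence on its own: the check itself can be skipped by a second fault, which is why hardened implementations combine it with redundant computation and with the side-channel countermeasures (blinding, constant-time arithmetic) that the talk covers.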
Ali Aydın Selçuk
TOBB ETÜ, Turkey
Trusting SSL in Practice
SSL is the most widely used cryptographic protocol in the world today. Despite having a reasonably good design and a practical commercial model behind it, there are several points where SSL fails in practice. In this talk, we will discuss the security of the SSL protocol in real life.
Ali Aydın Selçuk is an associate professor currently working at Bilkent University. Before joining Bilkent University, he worked at RSA Data Security, Novell, and the Network Systems Laboratory of Purdue University.
His research interests are in applied cryptography and network security, with an emphasis on secure communication protocols, privacy protocols, and cryptanalysis of block ciphers.
Sr. Professor and JC Bose National Fellow
Tata Institute of Fundamental Research, India
Security and Protection of SCADA: A Bigdata Algorithmic Approach
Date & Time:
In this talk, we shall describe an algorithmic, data-intensive approach (also referred to as a Bigdata approach) for protecting and securing SCADA from malware attacks. … complex and hence need a wholesome approach for detection and protection. In these scenarios, apart from classical IT security, there is a need to look at other plausible new attacks, taking the domain of the physical systems into account, and to arrive at methods of protection and risk evaluation. The approach is based on using the data that control-system designers use to make the system robust, and then reducing the security and protection problem of control systems, or SCADA in general, to the problem of monitoring distributed streaming data. We further show that the method is algorithmically scalable and argue that such algorithmic Bigdata approaches enable the securing and protection of IT-controlled public infrastructures.
R. K. Shyamasundar is a Fellow of the IEEE, a Fellow of the ACM and an ACM Distinguished Speaker, and has served as an IEEE Distinguished Speaker. He is currently Senior Professor and JC Bose National Fellow at the Tata Institute of Fundamental Research, where he is the founding Dean of the School of Technology and Computer Science. He has made outstanding contributions to real-time distributed computing, logics of programs, and network and computer security. His research interests include distributed real-time systems, logics of programs, concurrent programming languages, formal methods and cyber security. He has more than 300 publications, 8 books, 8 international patents, 3 Indian patents and 3 Best Paper Awards. Thirty-five students have completed their Ph.D. under his guidance; he has served on IEEE standards committees and as a consultant to ESPRIT projects. He did postdoctoral work under Turing Laureate Edsger Dijkstra and was a Distinguished Visiting Fellow of the Royal Academy of Engineering at the Computing Laboratory of the University of Cambridge. He has served as faculty or staff at IBM T. J. Watson Research, Eindhoven University, the State University of Utrecht, Pennsylvania State University, the University of Illinois, the University of California, San Diego, IRISA, INRIA, CWI, the Max Planck Institute and IBM Research India. He was Founding Chair of FSTTCS and founding President of IARCS. He serves on the Governing Councils of IIIT Allahabad, IIIT Jabalpur and the CSIR Centre CMMACS, Bangalore, and on the Technical Advisory Board of BSE (Bombay Stock Exchange). He has served on the IEEE Esterel Standards Committee. He is a Fellow of the Computer Society of India (CSI), Chairman of the CSI Publications Committee, Editor-in-Chief of the CSI Journal of Computing, and serves on the editorial board of Sadhana, the Journal of Engineering Sciences of the Indian Academy of Sciences, Bangalore, India.
He is a Fellow of the Indian Academy of Sciences, the Indian National Science Academy, the National Academy of Sciences, India, and the National Academy of Engineering, India. He is also a Fellow of the Academy of Sciences for the Developing World (TWAS), Trieste, Italy.
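One concrete instance of the reduction described above, written here as an added example and not taken from the talk or the authors' work: the designer's robustness data for each measurement tag (its operating range and the largest physically plausible rate of change) becomes the envelope that a streaming monitor checks every reading against, so that a value injected by malware, or a sensor it has silenced, is caught as a physical inconsistency rather than as an IT signature. The tags, envelopes and telemetry below are constructed for the example; the monitor keeps one (time, value) pair per tag, so it runs in constant memory and can be sharded by tag across sites.

```python
"""Streaming consistency monitor for SCADA telemetry (added example).

Each tag's envelope is the designer's own robustness data: operating range
plus the maximum plausible rate of change. Readings that leave the envelope
are flagged whether they come from a failing sensor or from malware feeding
false values to the control loop.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Envelope:
    low: float       # designer's operating range, lower bound
    high: float      # upper bound
    max_rate: float  # largest plausible change per second for this process


# Assumed designer data for two hypothetical tags (constructed for the example).
ENVELOPES = {
    "tank1.level_pct": Envelope(low=5.0, high=95.0, max_rate=2.0),
    "pump1.pressure_bar": Envelope(low=0.0, high=8.0, max_rate=1.5),
}


class StreamMonitor:
    """Per-tag state is a single (time, value) pair, so memory is constant per
    tag and a fleet of monitors can be partitioned by tag across sites."""

    def __init__(self, envelopes):
        self.envelopes = envelopes
        self.last = {}

    def observe(self, t, tag, value):
        """Check one reading; return the alerts it raises (empty if consistent)."""
        env = self.envelopes.get(tag)
        if env is None:
            return [f"{tag}: no designer envelope for this tag"]
        alerts = []
        if not env.low <= value <= env.high:
            alerts.append(f"{tag}: {value} outside [{env.low}, {env.high}] at t={t}")
        prev = self.last.get(tag)
        if prev is not None and t > prev[0]:
            rate = abs(value - prev[1]) / (t - prev[0])
            if rate > env.max_rate:
                alerts.append(f"{tag}: rate {rate:.2f}/s exceeds {env.max_rate}/s at t={t}")
        self.last[tag] = (t, value)
        return alerts


def run_stream(readings, envelopes=ENVELOPES):
    """Feed (t, tag, value) readings through a monitor and collect all alerts."""
    monitor = StreamMonitor(envelopes)
    return [a for t, tag, value in readings for a in monitor.observe(t, tag, value)]


# Constructed telemetry: a plausible tank ramp followed by a 27-point jump in
# one second, and a plausible pump trace followed by a value outside the
# design range.
SAMPLE_STREAM = [
    (0, "tank1.level_pct", 50.0), (1, "tank1.level_pct", 51.5),
    (2, "tank1.level_pct", 53.0), (3, "tank1.level_pct", 80.0),
    (0, "pump1.pressure_bar", 4.0), (1, "pump1.pressure_bar", 4.2),
    (2, "pump1.pressure_bar", 9.5),
]

if __name__ == "__main__":
    for alert in run_stream(SAMPLE_STREAM):
        print(alert)
```

Range and rate are the simplest envelope; the same observe() hook is where a practitioner would add the designer's process model (expected level given pump state and valve position) so that a replayed, plausible-looking trace that contradicts the actuator commands is also flagged.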
SBA Research & Vienna University of Technology, Austria
Social Engineering Attacks on the Knowledge Worker and the Digital Native
Social engineering has long been a very effective means of attacking information systems. The term "knowledge worker" was coined by Peter Drucker more than 50 years ago and still describes the basic characteristics of many employees very well. Today, with current trends such as BYOD (bring your own device) and public cloud services, young professionals expect to use the same technology in their private life and at work. In global companies, teams are no longer geographically co-located but staffed globally just in time. The decrease in personal interaction, combined with the plethora of tools in use (e-mail, IM, Skype, Dropbox, LinkedIn, Lync, etc.), creates new opportunities for attackers. As recent attacks on companies such as the New York Times, RSA and Apple have shown, targeted spear-phishing attacks are an effective evolution of social engineering. Combined with zero-day exploits they become a dangerous weapon, often used by advanced persistent threats.
In this talk we will explore some attack vectors and possible steps to mitigate the risk.
Edgar R. Weippl (CISSP, CISA, CISM, CRISC, CSSLP, CMC) is Research Director of SBA Research and associate professor (Privatdozent) at the Vienna University of Technology and teaches at several universities of applied sciences (Fachhochschulen). His research focuses on applied concepts of IT-security; he organizes the ARES conference and is on the editorial board of Elsevier's Computers & Security journal (COSE).
After graduating with a Ph.D. from the Vienna University of Technology, Edgar worked for two years in a research startup. He spent one year teaching as an assistant professor at Beloit College, WI. From 2002 to 2004, while with the software vendor ISIS Papyrus, he worked as a consultant for an HMO in New York, NY and Albany, NY, and for the financial industry in Frankfurt, Germany. In 2004 he joined the Vienna University of Technology and founded together with A Min Tjoa and Markus Klemen the research center SBA Research.