Recent Changes - Search:

WNaS @ UNIK

Master Thesis

Security and Mobility
UniK, Kjeller

edit SideBar

(redirected from Main.Security)

Welcome to Infosec@Unik. Our team consists of people from industry and research organisations in the Oslo area engaged in information security research and development. Members are: Audun Jøsang, Mona Holsve Ofigsbø, Chuming Rong, Leif Nilsen, Torleiv Maseng, Eli Winjum, Pål Spilling, Øivind Kure, Josef Noll, Gyorgy Kalman, Janne Hagen, Lasse Øverlier, Anne Marie Hegland, Lars Strand.

Academic Forum on Security

Infosec@UniK organises monthly research seminars where guest speakers from industry and academia are invited to present current issues in information security. See the AFSecurity wiki pages for more information.

Infosec@Unik Research Topics:

Online Services Security

The Internet is quickly changing from a content platform to a service platform, where new services can be composed of other loosely coupled services. This development leads to new business models and increased efficiency. However, many new security vulnerabilities are emerging that can be exploited by attackers. This is worrysome as the economy becomes more and more dependent on online services. Research in online services security aims at investigating practical methods for making onine markets robust against attacks.

Identity Management and User Authentication

The current silo model for online identity management does not scale and causes identity overload and password fatigue, which in turn results in security vulnerabilities that easily can be exploited by attackers. Research in identity management aims at designing better models that provide a better user experience and thereby stronger overall security.

Near-Field Communication and Ad-Hoc Networks

"In 2007 more transistors than rice corns where produced" [Hans Christian Haugli, Jan 2008]. Imagine that you will have 30 devices which talk to each other in 2011, and 100 sensors and devices talking to each other in 2016. The challenges are to establish a system for authentication of devices ("what is my device") and services on the devices ("this device can report my diabetes level and reports to my doctor"). Further information.

By definition ad-hoc networks consists of entities that a priori have no prior knowledge about each other. At the same time these entities depend on each other to provide collaborative services. This opens up the possibility of misbehaving entities which represents a security threat.

Privacy and Digital Rights Management

DRM (Digital Rights Management) focuses on protecting the rights of the owner of digital content. Its purpose is to protect the business models around the marketing of content. DRM has positive aspects, but also has negative side-effects, such as making fair-use difficult and causing significant cost overhead and inconvenience. Research in this area focuses on analysing DRM technologies from a technology and policy perspective.

Privacy is about protecting personal information from misuse. The privacy laws enacted around the world are unsuitable for the current online service environment where people happily give away personal information to unknown service providers around the world. Research in this area explores new ways of thinking about privacy that takes the reality of the Internet revolution into account.

Security Usability

Security usability is a crucial but largely ignored element in the security chain. The characteristics of security usability are quite different from those of traditional usability. For example, if a computer has poor usability, then people will have trouble getting any useful function out of it. On the other hand, if security protection of the computer has poor usability, then it doesn't necessarily stop people from using and from getting useful functions out of it. Another interesting difference is in the reactions people can be met with. At worst, people with trouble using a computer could be ridiculed, whereas people with trouble protecting their computer could be swindled. People are often the weakest link in the security chain of systems and applications. Poor usability of security directly leads to security vulnerabilities that can be exploited by hackers and criminals. Research in security usability aims at strengthening the overall security by improving usability.

Trust and Reputation Management

Online trust and reputation systems have emerged as tools for stimulating good quality and sanctioning bad quality online services. It allows entities to rate the quality of services, and to get an estimate of services quality before commiting to use the service. The research in trust and reputation management is inspired by the vision of creating an Internet governed by collaborative policing, and where people and organisations can engage in online communities and markets without fear of being deceived or attacked. This of often called soft security.

Trusted Systems

Trusted systems provide higher security assurance than current commodity platforms and are used in high sensitivity applications such as in the military environment. Trusted systems are generally more difficult to configure and operate than commodity systems, but the research and industry communities are focusing on developing more practical trusted systems with potentially extended applicability. Research in trusted systems focuses on architectures and technologies for high assurance security, as well as on methods of making such systems more practical.

Cryptography

Research in cryptography is often highly specialised, and can be conducted on a low theoretical level or on a higher application level. Our activities focuses on applications of cryptography and cryptographic protocols.

Information Warfare

Different and possibly conflicting interests and views will always exist in communities and marketplaces. As a platform for online communities and business the Internet often is a battleground between different interest and interest groups. Conflics are played out between the obvious black hats such as criminals and hackers and white hats such as citizens and legal organisations. However, conflics also exist between groups of different ethical stature and between sovereign states, in which case there is no clear separation between black and white hats. It all depends on where you stand. Our activities focus on understanding the specter and types of conflics that are emerging, and possibly to investigating solutions for mediation and control.

Security Management

Security management is the activity undertaken by organisations for safeguarding their informatin assets. This includes policy definitions, risk management, business continuity planning etc. Our activities focus on investigating new principles for bettwr quality and more efficient security management.


Postgraduate Courses

Please have a look at UniK's complete list of courses

  • Introduction to Cryptography / Innføring i kryptografi - UNIK4220
  • Security in distributed systems / Sikkerhet i distribuerte systemer - UNIK4260
  • Vulnerability and Security of Wireless Communications / Sårbarhet og sikkerhet i radiosystemer - UNIK4260
  • Security in Operation Systems and Software / Sikkerhet i operativsystemer og programvare - UNIK 4270
  • ...

Meetings

We have two types of meetings, (i) Academic Forum on Security to discuss current problems and (ii) colloquia to provider broader information.

Proposed Master Projects at UniK

A supervisor is specified for each project. Contact the supervisor if you are interested in doing a project.

If you are not a student of a Norwegian University, please find information on remote thesis supervision here

Future Service Environments; Semantics and Ontology

Identity Management

Near-Field and Sensor Communications

NFC - Near Field Communications

Sensor Communication and Internet of Things

  • Integrate Sensors into the Telenor Objects Platform
  • Smart Grids and electrical motorcycles (eFree)
  • Sensors on trains and infrastructure of Jernbaneverket (JBV)

Radio communication

Communication in the North

 Δ

Advances in Radio prediction

  • Advanced algorithms for propagation prediction
    • a) long distance
    • b) fine-grain details
  • Establish and test (radar) ray tracing for urban areas

Cognitive Radio

  • Mobile radio units communicating in agreed frequency bands
  • How to establish frequency coordination for small mobile units

Radio prediction in Oslo (Example from Astrix/Telenor)

Privacy and Digital Rights Management

- WLAN security, user behavior monitoring, passive data gathering, vulnerability tests
- Design a device domain controller and interconnect with PATS
- Cost of DRM Technologies
- A digital rights management system for home content
- Explore capabilities of current media players with focus on encryption and device domain access
- Integrate Easy Pairing with Radius

Security Usability

- Experimental Security Usability Investigations

Trust and Reputation Systems

- Robustness of reputation systems

Trusted Systems

- Integrating Trusted Computing and PKI
- Robustness of Trusted Computing in Digital Rights Management
- Trusted Systems Security Models

Cryptography

- The Future of Quantum Cryptography

Information Warfare

- Games Security
- Honeypots, Honeynets and Darknets
- Spam, and its negative impact on the Internet and the effectiveness of organisations
- Botnet threats and countermeasures

Security Management

- Uncertainty in Risk Analysis
- Measuring Security


Master Theses in 2006/2007


If you want to be invited to the colloquia, please send an email to
Inform on updates of this page, click here

Edit - History - Print - Recent Changes - Search
Page last modified on July 04, 2012, at 03:54 PM EST