News

25.06.2010

NISlab wins Oppland Research and Development prize 2010

Norwegian Information Security Laboratory (NISLab) at Gjøvik University College was awarded Oppland's Research and Development prize under the Mjøs conference on Friday 25/6/2010. "This is absolutely fantastic, and a feather in the cap for the researchers in the laboratory," said the head of the laboratory, Patrick Bours.
It's a feather in the cap for Gjøvik University College has invested targeted and strategic to be a pro-active and research-intensive institution, emphasizes Bours. The result also shows because Gjøvik University College had the largest increase in research based funding in 2009 among the state colleges in Norway.
Patrick Bours took with him his whole family from the Netherlands in 2005 to begin at the Norwegian Information Security Lab, and he has not regretted for a day. -The environment in the laboratory is fantastic, with research of international standard, and Gjøvik area is a great place to stay for a family with young children.
-This prize is a concrete result of the long-term strategy and commitment attached to the Project Inland University, emphasizes the dean of the Faculty of Informatics and Media Technology, Morten Irgens.
Irgens adds that while the college is building its international research expertise, it looks at itself increasingly as an important instrument for value creation in Norway and in the Innland region. -Sustainable value creation, whether it is through innovation in existing organizations or bold entrepreneurship, is one of the major social challenges. We are a partner in meeting this challenge, emphasizes Irgens.
According to the prize statutes have the recipients of R&D award conducted research and development in scientific, educational or artistic areas that maintain high academic goals in a domestic and / or international context. The award will be based on the merits, and is a reward for activities that have contributed to promoting the institution's role and reputation, and encourage continued effort.
The citation reads in part that NISlab has established itself within a few years as a strong, productive and highlighted research environment that sets Oppland on the map both nationally and internationally. County spokesman Audun Tron was not in doubt: "This is a very well deserved recognition of the academic environment at NISLab. During the last few years NISlab linked some of the best researchers in information security to itself and the academic environment grows and evolves constantly.

15.06.2010

PhD Trial Presentation: June 24th 2010, 10.00-11.00, K109

Speaker: PhD student Kirsi Marjaana Helkala

Title : Authentication in Health Services

Abstract : This thesis contributes by offering new knowledge on the topic of authentication in health services. The overall goal of the research has been to learn how authentication is done in health services, to point out possible places for improvements, and to develop new authentication mechanisms or enhance existing ones in such a way that they become more secure and user friendly. However, replacing an old authentication mechanism with a new one is not an easy task. A key question in this context is how we know that the new method really is better than the old one?
Different properties of different authentication alternatives make a selection of authentication products difficult. Often, selection of a product is done among similar types of authentication products and is based only on cost or security of the product. However, there are other issues that should be taken into account e.g. strict hygiene standards and actual user group and user environment. This thesis presents a novel method for authentication product ranking within an extensive variety of authentication products (passwords, biometrics, and tokens).
In order to develop the ranking method, the knowledge of authentication methods in a wide range of applications had to be gathered. Therefore, three additional research questions were approached: To what extent are the assumptions on the use of and need for authentication in the health sector valid, is it possible to rank and strengthen methodologies for user generated passwords, and is it possible to identify biometric methods particularly suitable for the health service environment?

14.06.2010

Scientific seminar: June 18th 2010, 09.00-10.00, K109

Speaker: PhD student Lisa Rajbhandari

Title : Privacy Risk Analysis

Abstract : Every individual has a right to privacy of their personal information. Today, with the advancement of information technology, there is a growing risk to privacy as the identity information is being used widely. The purpose of our research is to identify and understand the risks encountered in privacy context using game theory.

07.05.2010

Scientific seminar: May 7th 2010, 11.00-12.00, A128

Speaker: PhD student Knut Wold

Title : Demonstration of power analysis attack against smart card

Abstract : Smart cards are today used in many applications where the security of the cards is of crucial importance. Power analysis attacks is a method of revealing the secret information (typically an encryption key) from the smart card by using the fact that the dynamic power consumption of a CMOS device depends on the data being processed. By measuring several traces of a signal proportional to the power consumption of the smart card and with some knowledge of the encryption algorithm, a statistical approach can be used to find the encryption key. In this demonstration a differential power attack (DPA) against a smart card is performed and the secret key used in the encryption is determined.

23.04.2010

Scientific seminar: April 23rd 2010, 14.00-15.00, K113

Speaker: MSc student Štěpán Mráček

Title : Biometric Recognition of 3D Faces

Abstract : Face recognition is one of the most used biometric modalities. In everyday life we recognize other people by their faces. The detection of anatomical features like nose, eyes, and mouth position within the face does not pose any difficulties for humans. Furthermore, we can recognize faces from various angles, even if face expressions are present or a part of the face is covered. In this presentation, an automatic modular 3D face recognition pipeline will be described. The algorithm is developed, tested and evaluated on the Face Recognition Grand Challenge (FRGC) database. During the preprocessing part, facial landmarks are located on the face surface and the three dimensional model is aligned to a predefined position. In the comparison module, the input probe scan is compared to the gallery template. There are three fundamental face recognition algorithms employed during the recognition pipeline -- the eigenface method (PCA), the recognition using histogram-based features, and the recognition based on the anatomical features of the face. Finally the decision module fuses the scores provided by the utilized recognition techniques.

09.04.2010

Scientific seminar: April 09th 2010, 11.00-12.00, K113

Speaker: PhD Bian Yang

Title : Biometric Template Protection: State of Arts Algorithms and Standardisation

Abstract : Biometrics based applications are widely developed and deployed nowadays. Because of the "uniqueness", biometrics seems to provide a good means to identification and verification for human beings. However, this "uniqueness" can cause severe security and privacy concerns if the biometric templates are not properly protected during storage and transmission. Standard encryption (DES, AES, etc) can be an option to encrypt biometric templates but in many cases it is insufficient because the encrypted template needs decryption to invert to its plain-text for comparison. This is insecure in some applications as full access to samples or unprotected biometric features is given to the potentially untrusted entity that conducts the comparison. Template protection addresses this problem by designing new encryption mechanisms which are required to be irreversible and unlinkable, while providing desirable biometric performance for the applications.
This presentation will give an overview of the state of art algorithms (including algorithms from the TURBINE partners and the GUC group) proposed in recent years for template protection and our standardisation work on this topic in ISO/IEC JTC1 SC27 24745.

26.03.2010

Scientific seminar: March 26th 2010, 13.00-14.00, K113

Speaker: PhD student Mark Seeger

Title : Observation Mechanism and Cost Model for Tightly Coupled Asymmetric Concurrency

Abstract : Whilst the precise objectives and mechanisms used by malicious code will vary widely and may involve wholly unknown techniques to achieve their respective objectives, certain second-order operations such as privilege escalation or concealment of the code's presence or activity are predictable. In particular, concealment mechanisms must modify well-known data structures, which could be detected trivially otherwise. We argue that any such mechanism is necessarily non-atomic and can hence be detected through concurrent observations forcing an interleaved linearization of the malicious code with observations of memory state changes induced in tightly coupled concurrent processing units. Extending previous research for the case of symmetric concurrent observation, we propose a computational model and observation mechanism for the case of tightly coupled asymmetric concurrent processing units as may be found in most current computing environments with particular emphasis on metrics for the cost of forced synchronization and resource contention caused by observations. We argue that the resulting observations will provide a novel sensor datum for intrusion detection but may also be used as a standalone probabilistic detection mechanism particularly suited to detect attacks in progress.

17.03.2010

NISlab partner in EU-project "BEST"

The Biometrics European STakeholders (BEST) Network project was started in December 2009 with the participation of NISlab. It is a European Commission ICT Policy Support Programme centred on a European Thematic Network on Trusted information infrastructures and biometric technologies.
Read more >>

12.03.2010

Scientific seminar: March 12th 2010, 11.00-12.00, A110

Speaker: PhD student Takashi Watanabe

Title : Introduction to Side-channel Attacks
(Security Problems caused by Hardware Implementation)

Abstract : Modern cryptographic algorithms have been developed under the assumption that any information other than the secret key become available to an attacker. However, the information from an actual hardware implementation such as execution time and power consumption were not considered in this context. (These hardware implementation oriented information are called "Side-channel Information", and an attack that use them is called "Side-channel Attack".) As a result, the side-channel information leakage became a weak link of real security systems such as Pay TV. Development of countermeasure is still ongoing today (see the CHES workshops [1]). In this presentation, I will present an overview of the side-channel attacks and introduce what we have done in our recent work.

[1] Workshop on Cryptographic Hardware and Embedded Systems
http://www.iacr.org/workshops/ches/

10.03.2010

Master Thesis Presentation: March 10th 2010, 13.00-13.45, K109

Speaker: MSc student Martin Olsen

Title : Vein Pattern Recognition
(A Rotation, Translation and Scale Invariant Approach)

Abstract : Finger vein pattern recognition is a biometric modality that uses features found in the blood vessel structure of the fingers. The low contrast between veins and tissue is enhanced using algorithms that operate on a per pixel level and consider the local neighborhood intensity resulting in an image from which the vein structure can be extracted using segmentation. A spectral feature descriptor which is invariant to translation, rotation and scale is applied and used by the comparison subsystem. The methods applied are compared to a previously proposed system for back of hand vein pattern recognition. The experimental results obtained show similar performance between the methods proposed here and the reference system on the same dataset. At the same time sensor image quality and contrast enhancement methods are critical in order to achieve high performance.

24.04.2009

Guest lectur by Prof.Dr. B. Hämmerli

Prof. Hämmerli will give a presentation (Information Security Management: Trens in Industry and Research) in Ørneredet at 13.00.

3.10.2008

Rosing award

The information security students and faculty have been nominated for the Rosing award. The award is given on 17th of November.

Read more on the HiG site.

27.6.2008

PhD defence by Davrondzhon Gafurov

On June 27th 2008, at 13.15, Davrondzhon Gafurov , defended his thesis entitled "Performance and Security Analysis of Gait-based User Authentication." The defence took place at Lille auditorium, Informatikkbygningen, Gaustad.

17.6.2008

PhD defence by Nils Kalstad Svendsen

On June 17th 2008, at 13.15, Nils Kalstad Svendsen, defended his thesis entitled "Interdependencies in Critical Infrastructures: A Qualitative Approach to Model Physical, Logical, and Geographical Interdependencies." The defence took place at UniK, Kjeller.

17.6.2008

Godkjent doktorgard

Les mer: http://www.hig.no/nyheter/arkiv/godkjent_doktorgrad

25.2.2008

PhD defence by Hanno Langweg

On February 25th 2008 at 14:30, Hanno Langweg, defended his thesis entitled "Software Security Metrics for Malware Resilience." The defence took place at Institute for Informatics III, in Bonn, Germany.

7.11.2007

PhD defence by Lasse Øverlier

On November 7th 2007 at 13:15, Lasse Øverlier, defended his thesis entitled "Anonymity, privacy and hidden services: Improving censorship-resistant publishing." The defence took place at UniK, Kjeller.

27.08.2007

Sjefsredaktør for anerkjent tidsskrift

Les mer: http://www.hig.no/nyheter/sjefredaktoer

15.06.2007

Høgskolestyret sier ja til ny doktorgrad!

Les mer: http://www.hig.no/nyheter/doktorgrad