The Applied Cyber Security group belongs to the Chair of Security and Theoretical Computer Science at the Institute of Computer Science at University of Tartu.

We perform highly practical research in the field of cyber security, evaluating the security of the technology solutions used in our everyday life. Our focus is especially directed towards solutions with significant public interest that are used in Estonia. This includes electronic identity (e.g., ID cards and Mobile-ID), digital signatures, internet voting and similar topics.

Our aim is to develop our competence to act as an independent authority evaluating the security assurance of technologies, products and services provided by the government, industry and other institutions. We collaborate with industry by reporting our findings under a responsible vulnerability disclosure process. We serve the public by making our research publicly available and sharing our knowledge through various teaching activities.

People

• Arnis Paršovs (Research Fellow in Cyber Security)
• Danielle Morgan (Junior Research Fellow in Cyber Security)
• Denizalp Kapisiz (Junior Lecturer of Software Security)

Teaching and supervision

Our group contributes to the development of new cyber security specialists and researchers by various teaching and supervision activities.

Currently, we are responsible for teaching the following courses:

• Applied Cryptography (MTAT.07.017)
• Wireless Technologies and Security (LTAT.04.009)
• Web Application Security (LTAT.04.013)

We supervise BSc and MSc students, and provide supervision of cyber security-related topics in the Research Seminar in Cryptography and Cyber Security (MTAT.07.022).

Potential research topics are listed in the theses topics database.

Equipment

We have access to various hardware that can be provided to students for experiments and reserch assignments.

Research

Work by people related to our group:

• Arnis Parsovs. I-voting on mobile devices: the open issues. Report, University of Tartu, May, 2022.
• Arnis Parsovs, Burak Can Kus, Geio Tischler. ID card face match: Biometric facial verification using authentic ID card facial image. Demo installation, University of Tartu, September, 2023. [video]
• Arnis Parsovs. Security of the proposed Mobile-ID document decryption feature. Report, University of Tartu, July, 2022. [press]
• Arnis Parsovs. Security improvements for the Estonian ID card. Report, University of Tartu, June, 2022. [presentation]
• Elizabete Liene Šterna. Security Architecture of the Latvian eParaksts mobile. MSc thesis, University of Tartu, May, 2022.
• Semjon Kravtšenko. The Estonian Mobile-ID Implementation on the SIM Card. BSc thesis, University of Tartu, May, 2022. [BSides talk]
• Arnis Parsovs. Technical details of the security flaw in the Estonian ID cards issued in 2011. Report, University of Tartu, September 2021. [video] [media]
• Arnis Parsovs. On the format of the authentication proof used by RIA's Web eID solution. Report, University of Tartu, October 2021. [media]
• Peeter Vahe. Tartu Smart Bike Share Access Cards Authentication Analysis. BSc thesis, University of Tartu, May, 2021. [demo]
• Toomas Aleksander Veromann. WYSIWYS Extensions to the Estonian ID Card Browser Signing Architecture. MSc thesis, University of Tartu, May, 2021. [media]
• Burak Can Kus. Use of Electronic Identity Documents for Multi-Factor Authentication. MSc thesis, University of Tartu, May, 2021. [code] [demo]
• Arnis Parsovs. Security Analysis of RIA's Authentication Service TARA. Report, University of Tartu, May 2021.
• Arnis Parsovs. Estonian Electronic Identity Card and its Security Challenges. PhD thesis, University of Tartu, March 2021. [ebook] [media] [defence] [BSides talk]
• Arnis Parsovs. Estonian ID card (browser signing extension) authentication man-in-the-middle attack. YouTube proof-of-concept video with description, February 3, 2021. [press release] [media]
• Arnis Parsovs. Estonian Electronic Identity Card: Security Flaws in Key Management. In 29th USENIX Security Symposium (USENIX Security '20). USENIX Association, Boston, MA, August 2020. [page] [slides] [presentation] [demo]
• Sander-Karl Kivivare. Secure Channel Establishment for the NFC Interface of the New Generation Estonian ID Cards. BSc thesis, University of Tartu, August, 2020. [code]
• Eduard Iltšuk. Two-Party ECDSA Protocol for Smart-ID. MSc thesis, University of Tartu, August, 2020.
• Arnis Parsovs. Solving the Estonian ID Card Crisis: the Legal Issues. Proceedings of the 17th International Conference on Information Systems for Crisis Response and Management ISCRAM 2020, Blacksburg, VA, May 2020.
• Siim-Alexander Kütt. Security Analysis of Tartu Smart Bike Share Android Application. BSc thesis, University of Tartu, May, 2020. [media]
• Silver Maala. A Proof of Concept Malware for Interacting with the Smart-ID Android Application. BSc thesis, University of Tartu, May, 2020. [demo] [code] [media]
• Arnis Parsovs. Creating a technically valid but legally invalid EU Qualified Electronic Signature. YouTube proof-of-concept video with description, February 26, 2020. [news article]
• Abasi-amefon Affia. Assessing the NFC Unlock Mechanism of the Tartu Smart Bike Share System. Research seminar MTAT.07.022 report, University of Tartu, Fall 2019.
• Tõnu Mets and Arnis Parsovs. Time of signing in the Estonian digital signature scheme. Digital Evidence and Electronic Signature Law Review, November 1, 2019. [page] [demo]
• Bruno Produit. Optimization of the ROCA (CVE-2017-15361) Attack. MSc thesis, University of Tartu, June 2, 2019. [slides] [code] [media]
• Annika Tammik. Reproducing Vote Verification Application Builds for Estonian I-Voting System. Research seminar MTAT.07.022 report, University of Tartu, Fall 2017. [slides]
• Danielle Morgan and Arnis Parsovs. Using the Estonian Electronic Identity Card for Authentication to a Machine. In: Secure IT Systems. NordSec 2017, November 9, 2017. [extended version] [slides]
• Danielle Morgan. Security of Loyalty Cards Used in Estonia. MSc thesis, Tallinn University of Technology, 2017. [slides]
• Arnis Parsovs. Homomorphic Tallying for the Estonian Internet Voting System. Cryptology ePrint Archive, Report 2016/776, 2016. [code]
• Rain Viigipuu. Security Analysis of Instant Messenger TorChat. MSc thesis, Tallinn University of Technology, June 4, 2015. [slides]
• Sven Heiberg, Arnis Parsovs, Jan Willemson. Log Analysis of Estonian Internet Voting 2013-2014. In: E-Voting and Identity. Vote-ID 2015. [extended version] [slides]
• Märt Bakhoff. Sniffing Real World EMV Payment Card Protocol Transaction. Research seminar MTAT.07.022 report, University of Tartu, Fall 2014. [slides]
• Arnis Parsovs. Identity Card Key Generation in the Malicious Card Issuer Model. Research seminar MTAT.07.022 report, University of Tartu, Spring 2014. [slides]
• Arnis Parsovs. Practical Issues with TLS Client Certificate Authentication. In Proceedings of the Network and Distributed System Security Symposium (NDSS), San Diego, CA, February 2014. [slides] [demo1] [demo2]
• Arnis Parsovs. Estonian eID Security: Open Issues. Presentation at SK annual conference, Tallinn, November 7, 2013.
• Arnis Parsovs. Secure Electronic Signature – Secure in the Absence of an Attacker (in Latvian). LATA Conference "Security and Openness", Riga, Latvia. January 17, 2013.
• Arnis Parsovs. Security Analysis of Internet Bank Authentication Protocols and their Implementations. MSc thesis, Tallinn University of Technology, June 1, 2012. [slides] [page and demo]

Useful links

We are maintaining:

• YouTube channel
• Estonian Cyber Security News Aggregator
• List of Estonian e-services using eID

Funding

Our work is being carried out with financial support from the European Social Fund through the IT Academy programme and financial support from the Estonian Ministry of Economic Affairs and Communications.

---

Last update on 10.11.2023