Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Research Topics with our Industry Partners

...

Posted on April 8May 19, 2021

SSH:

...

Fingerprinting schemes against Post Quantum Cryptography IPsec/IKEv2 encryption appliance

SSH Communications Security Oyj . is looking for an IT Support Trainee. SSH IT provides the necessary services for all SSH personnel to enable people to succeed in their work. We run services from mainframe platforms to cutting-edge lambda functions in the cloud. If you are interested in getting familiar with how IT operates and would like to learn skills in device management, what better way to spend the summer than joining SSH IT!

We are looking for a person who is/has:

  • Interested in challenging her/himself
  • Good in identifying a problem and especially finding a solution
  • Basic understanding of how computers work
  • Basic understanding of how computers communicate over a network
  • Good communication skills in English
  • Any programming skill is a plus

Please fill out the application form at https://careers.ssh.com and introduce yourself to us. Tell us also the period you would be available to work.master thesis worker interested in security research utilising network encryption appliances.

Device fingerprinting is a black box device detail extraction attack aiming to collect information about deployed hardware and software combinations to be used later in conjunction with known vulnerability to launch an actual attack.

Adding an assumption that the adversary can already today record key-exchange protocol handshakes together with the encrypted utility data stream it becomes inevitable that the attacker can later apply Quantum Computer against the asymmetric encryption to recover the session encryption key and apply that to discover plain-text data.  Thus data that needs to remain secret for years to come, should already now be protected with Quantum Safe means.

In order for the communications being truly secret and future proof, then encryption appliance must not reveal more information than is strictly necessary for communications.

In this project fingerprinting techniques are used to determine attack vectors against IPsec/IKEv2 Quantum Safe networking appliance.

Requirements:

  • MSc student in security, preferably computer science.
  • Good math and algorithmic skills.
  • Strong programming skills.

Nice to have:

  • Industry experience in software engineering or related field
  • Research experience
  • Familiar with network protocols

For further information: Samuli Lehti / samuli.lehti@ssh.com


...

Nokia Bell Labs: Domain-specific threat modeling framework formobile communication systems NETSEC

...

Modern processors are complex and incorporate several mechanisms like caching, speculation, and out-of-order execution to improve performance. Several recent attacks, like the well-known Spectre and Meltdown attacks, exploit this complexity to compromise integrity and confidentiality of computation. Variants of these attacks, like Foreshadow, are applicable against TEEs. In particular, strong adversaries capable of mounting Foreshadow-like attacks can not only compromise data confidentiality, but also remote attestation guarantees by leaking the keys used by the platform. 

In this project, you will explore how to mitigate the impact of such attacks can not only compromise data confidentiality, but also remote attestation guarantees by leaking the keys used by the platform. 

In this project, you will explore how to mitigate the impact of such attacks. As a first step, we plan to explore how remote attestation guarantees can still be retained even in the presence of attacks that may compromise confidentiality of trusted application data. We will use a TEE based on seL4, a microkernel operating system with formally proven isolation guarantees, and use it together with a smaller FPGA-based fixed-function TEE used only for cryptographic operations involved in the attestation protocol. Working with senior researchers, you will design and implement the FPGA-based TEE functionality that underpins this system. 

In the longer term, we want to explore more advanced hardware and software innovations that can retain application data confidentiality even in the presence of such strong adversaries.  This will involve modifying existing open-source processor designs to develop new defences against runtime and side-channel attacks.  Depending on your background and progress, this may also form part of this project.   

Requirements:

  • C programming experience 
  • Basic cryptographic knowledge (hash functions, digital signatures, etc.) 

Nice to have:

  • FPGA development experience 
  • Familiarity with computer architecture 

For further information: Contact Lachlan Gunn (lachlan.gunn@aalto.fi) and Prof. N. Asokan. As a first step, we plan to explore how remote attestation guarantees can still be retained even in the presence of attacks that may compromise confidentiality of trusted application data. We will use a TEE based on seL4, a microkernel operating system with formally proven isolation guarantees, and use it together with a smaller FPGA-based fixed-function TEE used only for cryptographic operations involved in the attestation protocol. Working with senior researchers, you will design and implement the FPGA-based TEE functionality that underpins this system. 

In the longer term, we want to explore more advanced hardware and software innovations that can retain application data confidentiality even in the presence of such strong adversaries.  This will involve modifying existing open-source processor designs to develop new defences against runtime and side-channel attacks.  Depending on your background and progress, this may also form part of this project.   

Requirements:

  • C programming experience 
  • Basic cryptographic knowledge (hash functions, digital signatures, etc.) 

Nice to have:

  • FPGA development experience 
  • Familiarity with computer architecture 

For further information: Contact Lachlan Gunn (lachlan.gunn@aalto.fi) and Prof. N. Asokan

Posted on April 8, 2021

...

SSH: IT Support Trainee

SSH Communications Security Oyj. is looking for an IT Support Trainee. SSH IT provides the necessary services for all SSH personnel to enable people to succeed in their work. We run services from mainframe platforms to cutting-edge lambda functions in the cloud. If you are interested in getting familiar with how IT operates and would like to learn skills in device management, what better way to spend the summer than joining SSH IT!

We are looking for a person who is/has:

  • Interested in challenging her/himself
  • Good in identifying a problem and especially finding a solution
  • Basic understanding of how computers work
  • Basic understanding of how computers communicate over a network
  • Good communication skills in English
  • Any programming skill is a plus

Please fill out the application form at https://careers.ssh.com and introduce yourself to us. Tell us also the period you would be available to work.