Tilmeld dig nu

Er du allerede tilmeldt og ønsker at ændre din profil, så klik her.


Digital Backdoors – how to uncover and close them - 8 March 2016

We all know that backdoors into cryptography, networks, computers and software can compromise data, remove trust from the company and create headlines in the media.

It-vest - networking universities has gathered IT-security experts from Aalborg University and Aarhus University and invites anyone who works with IT-security at a technical level, their colleagues and managers to our morning meeting 'Digital Backdoors - how to uncover and close them'.

Here you will learn more about different kinds of backdoors and how to uncover and close them – and how not to be the company creating the backdoors. 

The event takes place 8 March 2016 at 08.00-10.00 am in Aarhus.


8.00-8.15 am: Coffee and bread 

8.15-8.45 am: 'Backdoors in Cryptography' by Associate Professor Claudio Orlandi, Aarhus University

8.50-9.20 am: 'Fighting botnets – the core of the crime' by Associate Professor Jens Myrup Pedersen, Aalborg University

9.25-9.55 am: 'HEARTBLED and Zero Days: from Programming Errors to Digital Backdoors' by Associate Professor René Rydhof Hansen, Aalborg University

The talks and the speakers

'Backdoors in Cryptography'

Claudio Orlandi

Cryptography is the fundamental tools which allows for secure communication over insecure channels (such as the Internet) and without crypto it would be impossible to run sensitive applications online (such as commerce, banking, healthcare, etc.).

The documents leaked by Edward Snowden revealed the existence of programs which seek to "defeat the encryption used in specific network communication technologies" by e.g. inserting backdoors into cryptographic standards. This has received huge critics from the research community since (regardless of political considerations) weakening crypto helps the "bad guys" as well.

In this talk I will talk about the case of Dual_EC_DRBG (a pseudorandom generator which has been standardised by NIST (National Institute of Standards and Technology) and which has allegedly been backdoored by the NSA) and about the recent discovery of how this might have been exploited by a third-party to compromise the security of Juniper firewalls.

About Claudio Orlandi

Claudio Orlandi works as an Associate Professor in the Cryptography and Security group of Aarhus University. His research focus are cryptographic protocols for advanced functionalities and he is involved in several national and international research projects. He teaches courses in security and cryptography at the Department of Computer Science and as a part of the It-vest Master in IT-Security.

'Fighting botnets - the core of the crime'

Jens Myrup Pedersen

Botnets comprise of computers - often in thousands or even millions - which have been compromised and taken over by third parties. The Botmaster, controlling the infected machines, can now use these for a large variety of malicious purposes including information theft, email spam, click fraud and distributed denial of service attacks.

In this talk I will talk about how botnets work, and how we can fight them. Particular focus will be on how traffic analysis can be used to detect communication between infected machines and their command and control servers in order to deal with the infections at an early stage, and hopefully before harmful activities are carried out.

As part of the talk I will demonstrate how we run infected machines in a controlled yet realistic environment, and give examples of some of our recordings of characteristic botnet behavior.

About Jens Myrup Pedersen

Jens Myrup Pedersen is Associate Professor in Department of Electronic Systems at Aalborg University. His research focuses on network-based detection of malicious activities, and includes both academic and more industrial oriented projects. He is involved in both Danish and European educational initiatives, and teaches among other courses in the IT-Vest Master in IT-Security.

'HEARTBLED and Zero Days: from Programming Errors to Digital Backdoors'

René Rydhof Hansen

Programming errors play a crucial role in most, if not all, security breaches involving computers: bugs can be exploited by an attacker either directly to gain access to the system or indirectly to extract information from the system or even obtain more privileged access, e.g. "super user" access.

As recently revealed by the Snowden documents, such bugs that can compromise security are actively being developed and used by various government agencies to gain access to systems of interest. However, there are many other actors that have an interest in security vulnerabilities for various reasons that are more or less legitimate (and legal). This has led to the development of a "grey" market for security vulnerabilities where security researchers can secretly sell their knowledge to the highest bidder: In September 2015, Zerodium announced a USD1.000.000 reward for the development of a zero-day exploit targeting the iOS operating system for iPhones. The reward was claimed in November 2015.

In this talk I will illustrate how a seemingly trivial programming error can be turned into a major security vulnerability. I will further talk about why it is so hard to avoid these programming errors and what can be done about them.

About René Rydhof Hansen

René Rydhof Hansen is an Associate Professor at the Department of Computer Science at Aalborg University and a former board member of the Danish Council for Greater IT-Security. His research focuses on theories, tools, and techniques for developing dependable and secure systems as well as formal modelling and analysis of security in socio-technical systems. He participates in several international research projects and teaches courses on developing secure software at IT-Vest's Master in IT-Security.

Read about the IT-Vest Master of IT-security (in Danish).

Practical information and registration

'Digital Backdoors - how to uncover and close them'.

Date: 8 March 2016

Time: 8.00 - 10.00 am

Registration deadline is prolonged:
Until 7 March, 10.00 am

Place: Incuba, Åbogade 15, 8200 Aarhus N
(Due to great attendance the event has been moved from the earlier announced address to larger facilities in Incuba)

Look at the map

Price: Free

Language: English

Parking: Free
At the corner of Åbogade and Katrinebjergvej or at Storcenter Nord at the corner of Åbogade and Helsingforsgade

By WildSide

It-vest - samarbejdende universiteter · Åbogade 15 · 8200 Aarhus N · tlf. 7027 6850 · it-vest(at)it-vest.dk · www.it-vest.dk

Cookie- og privatlivspolitik