Welcome Note

Dear Colleagues,

It is our pleasure to welcome you to the 5th Network and Information Security (NIS'18) Summer School, taking place in Crete, Greece, 24 September - 28 September 2018. This event, having a different "special theme" every year, is jointly organised by the European Union Agency for Network and Information Security (ENISA) and the Foundation for Research and Technology - Hellas (FORTH).

The theme for this year is "The Challenge of the Changing Risk Landscape".

The Changing Risk Landscape refers to the dynamics, dependencies and complexity inherent to Information Technology. In this context, the changing security “ecosystem” is the one of the main challenges of Information Security. The relevant community needs to speed-up reaction, collaboration and information exchange in order to achieve timely and effective response to the challenges involved. This indeed seems to be the only option for Information Security in the continuous race of defense strategies to offer adequate protection against offense attempts.

ENISA is dedicated to promoting a culture of security in Europe that will improve the ability of EU Member States to respond to cyber-attacks. It does so, by pursuing a strategy of mitigating risks through awareness, studies, reports and position papers on current NIS matters. Towards this objective, ENISA and FORTH, a research institute devoted to advancing the State-of-the-Art in ICT, bring together in this Summer School a distinguished faculty from around the world with the purpose to identify current trends, threats and opportunities against the background of recent advances on NIS measures and policies.

Recognising the multi-dimensional facets and intricacies causing changes in the information risks landscape, an array of lectures will cover a variety of key aspects on policy, economic, legal and research matters. The audience includes policy makers from EU Member States and EU Institutions, decision makers from industry and members of the academic community.

By going through a natural evolution cycle, but also by adopting current trends in networking and exchange of knowledge, this year’s Summer School aims at increasing interaction among participants. Targeted breakout sessions will enhance dialogue and exchange of ideas, while cutting edge security issues will be collected before the event through publicly accessible fora and will be channelled to the discussions. Wrap-ups of these interactive sessions will be worked out and distributed during the event.

We would like to thank our keynote speakers, facilitators and faculty for contributing to a programme of such high quality, and we are confident that the participants of NIS'18 will both benefit from, and enjoy the programme.

Overview

Prof. Dr. Udo Helmbrecht

Executive Director of ENISA

Overview

Prof. Nektarios Tavernarakis

President of FORTH

Call for Posters

The organizers of the NIS Summer School would like to offer the opportunity to non-profit organizations/activities in the area of Cyber Threat Intelligence, such as EU Horizon 2020 projects, national academic research and developments projects, open source communities, etc. to disseminate their work through this event. This can be achieved by means of posters, flyers, tool demonstrations etc.

Interested organizations are encouraged to contact the organizer to express their interest, together with some information about the dissemination material (short description of the item to be presented, relevance to CTI, method of presentation, particular presentation requirements). The organizer will review this material via its stakeholder and will inform the project about the acceptance of their presentation. The review of the material is thought as a filter for the relevance and quality of the submissions but also spatial availabilities at the venue of the event.


Interested organizations may contact us through the functional mailbox event.management@nis-summer-school.enisa.europa.eu


Posters will be presented at Room: Mezzo I and II, GROUND LEVEL throughout the duration of conference.

Speakers

More speakers TBA

Committees

Conference Chairs

Sotiris Ioannidis Foundation for Research and Technology - Hellas
Louis Marinos European Union Agency for Network and Information Security

Organising Committee

Andreas Miaoudakis Foundation for Research and Technology - Hellas
Maria Mastoraki Foundation for Research and Technology - Hellas
Panos Chatziadam Foundation for Research and Technology - Hellas

Programme Committee

Ioannis Askoxylakis Foundation for Research and Technology - Hellas
Gabi Dreo Rodosek Universität der Bundeswehr München - UniBW
Stefanie Frey DEUTOR Cyber Security Solutions GmbH
Pierre Girard Gemalto
Magnus Harlander Genua GmbH
Vasilis Katos Bournemouth University
Katerina Mitrokotsa Chalmers University of Technology
Kai Rannenberg Goethe Universität Frankfurt
Annemarie Zielstra TNO
Paul Theron Thales
Rodica Tirtea European Union Agency for Network and Information Security

Summer School Program

Printable version of the program can be downloaded following this link

08:30-09:30
Conference Hall

Conference Registration

program

Welcome Addresses

Speaker: Vassilis Maglaras
Speaker short CV

Vassilis Maglaras was born in December 1975 in Athens, where he lives ever since. He studied Political and Economic Science at Panteion University of Social and Political Science, at the National and Kapodistrian University of Athens, as well as at the Economic University of Athens.
He holds BA Hons in Political Science from the Department of Political Science and History of Panteion University of Social and Political Science, two Master degrees and two PhDs from the Department of Political Science and Public Administration of the National and Kapodistrian University of Athens and from the Department of Economic and Regional Development of Panteion University of Social and Political Science. He also holds a certified post-doctoral qualification and he is a fluent speaker of English and French.

program

Cyber Security From regulations/policies to practice

Speaker: Dr. Leandros Maglaras
Head of the National Cyber Security Authority of Greece
Speaker short CV

Dr. Leandros A. Maglaras received the B.Sc. degree from Aristotle University of Thessaloniki, Greece in 1998, M.Sc. in Industrial Production and Management from University of Thessaly in 2004, and M.Sc. and PhD degrees in Electrical & Computer Engineering from University of Volos, in 2008 and 2014 respectively. In 2018 he was awarded a PhD in Intrusion Detection in SCADA systems from University of Huddersfield. He is the head of the National Cyber Security Authority of Greece and a visiting Lecturer in the School of Computer Science and Informatics at De Montfort University, U.K.
He serves on the Editorial Board of several International peer-reviewed journals such as IEEE Access and Wiley Journal on Security & Communication Networks. He is an author of more than 90 papers in scientific magazines and conferences and is a senior member of IEEE.

Keynote Abstract

The major target of cyber attacks is a country's Critical National Infrastructure (CNI) such as ports, hospitals, water, gas or electricity producers, which use and rely upon Supervisory Control and Data Acquisitions(SCADA) and Industrial Control Systems (ICS) to manage their production. Protection of CNIs becomes an essential issue to be considered. Generally, available protective measures are classified according to legal, technical, organizational, capacity building, and cooperation aspects. In this talk, we will discuss about regulations and policies that may be used to tackle cyber attacks to CNIs along with practical measures that need to be taken in order for these regulations to be effective. Attribution of cyber attacks, especially when these originate from another nation, is questionable regarding which country or law enforcement agency has the authority to investigate and prosecute the penetrators.

Ilias Chantzos

Understanding cybersecurity innovation – Real life examples of the process, the challenges and the way to make it work

Speaker: Ilias Chantzos, Symantec

11:30-12:00

Coffee Break

program

Policy Panel

Panel Moderator: Aidan Ryan
Moderator short CV

Aidan joined ENISA in July 2014. He is a policy adviser and the Legal officer for ENISA. He is a Lawyer and an Electrical Engineer by training. Aidan has been responsible for drafting a number of policy papers for the Agency on cybersecurity policy and strategy and has supported the drafting of European Directives and Regulations in cybersecurity.
Before joining ENISA, Aidan was a technical adviser to the Minister for Communications, Energy and Natural Resources in Ireland on telecommunications, cyber security, emergency planning and the 112 emergency call answering service. He set up and was the Head of the National Cyber Security Centre in Ireland between 2011 and 2014. He was responsible for chairing a number of Council Working Parties during the Irish Presidency in 2014. He was also responsible for the preparation of the Council Conclusions on the 2013 EU Cyber Security Strategy when he chaired the Friends of the Presidency Working Group.
Aidan was a member of the Telecommunication working group that draft the founding Regulation of ENISA in 2004. Between 2004 and 2014 he was the Irish representative to the Management Board of ENISA. He also the supported the negotiation of the renewal of the mandate of ENISA in January 2013 with the European Parliament.

Panelists:

  • Ilias Chantzos
  • Dr Leandros Maglaras
  • Professor Edgar Weippl

13:00 - 14:30

Lunch

Thomas Poeppelmann

Bridging 1st PQC-functions and principles with the smart card world

Speaker:Thomas Poeppelmann

program

Lawful interception and the never-ending crypto wars

Speaker: Prof. Bart Preneel
Speaker short CV

Bart Preneel is a full professor at the KU Leuven, where he heads the Imec-COSIC research group, that has 80 members. He has authored numerous scientific publications & is inventor of five patents. His research interests are cryptography, cybersecurity & privacy. He is president of LSEC & has been president of the IACR (International Association for Cryptologic Research).
Bart has been invited speaker at more than 120 conferences in more than 40 countries. In 2014 he received the RSA Award for Excellence in the Field of Mathematics & in 2016 he received the Kristian Beckman Award from IFIP TC11.

16:00 - 16:30

Coffee Break

Gabi Dreo

Smart Attacks require Smart Defence

Speaker: Professor Gabi Dreo
Keynote Abstract

The quantity and especially the quality of cyber attacks are constantly increasing. Recent examples of high-quality attack vectors, specifically designed to permeate the state of the art technologies, show that current approaches are failing to guarantee an adequate protection. It is the asymmetry of the attack that needs to be addressed. An attacker needs to exploit only one vulnerability whereas a defender has to defend the whole system. Moving Target Defence (MTD) are promising approaches to address this asymmetry and increase the uncertainty for the attacker. The talk will give an overview of MTD approaches and discuss their applicability, including the aspect whether MTD is a potential game changer in the security landscape.

Weippl

Distributed Ledger Technology, Blockchain & Crypto Currencies – Hype & an Opportunity for Interdisciplinary Research

Speaker: Prof. Edgar R. Weippl
Speaker short CV

Edgar R. Weippl is Research Director of SBA Research and Privatdozent at the Vienna University of Technology and teaches at several universities of applied sciences. He focuses on (1) fundamental and applied research on blockchain and distributed ledger technologies and (2) security of production systems engineering.
He is on the editorial board of Elsevier’s Computers & Security journal (COSE), PC chair of ESORICS 2015, general chair of ACM CCS 2016 and PC Chair of SACMAT 2017.
After graduating with a Ph.D. from the Vienna University of Technology, Edgar worked for two years in a research startup. He spent one year teaching as an assistant professor at Beloit College, WI. From 2002 to 2004, while with the software vendor ISIS Papyrus, he worked as a consultant for an HMO in New York, NY and Albany, NY, and for the financial industry in Frankfurt, Germany. In 2004 he joined the Vienna University of Technology and together with A Min Tjoa and Markus Klemen founded the research center SBA Research.

Damien Cauquil

Rapid innovation harms the Internet of Things

Speaker: Damien Cauquil

Vangelis Gazis

An overview of the standards landscape related to IoT security.

Speaker: Vangelis Gazis

11:00-11:30

Coffee Break

program

Behind the scenes at Shadowserver: Monitoring the Darker Side

Speaker: Piotr Kijewski and David Watson
Talk Abstract

"The non-profit Shadowserver Foundation has been collecting network threat information on a large scale for many years with a mission to make the Internet a more secure environment for all. The collected data is sent to National CERTs and network owners via the Shadowserver free daily remediation feed and used to support various law enforcement investigations. Data collection on such a scale is a big challenge - the talk will give an overview of how Shadowserver operates, what data it collects, how the information is being shared and how Shadowserver has supported various botnet takedowns."

Angelos Keromytis

Keynote Lecture in the area of Cyber Threat Intelligence

Speaker: Angelos Keromytis

"Active Cyber-Defence"

13:30 - 15:00

Lunch

Demonstrators

Short presentation from the demonstrators participating in the Summer School
8 Presentations (ca. 15 Minutes time slot each)

Social Dinner

program

Introduction to the IoT Ecosystem: Terms, Definitions, Components

Speaker: Apostolos Malatras, Christina Skouloudi, ENISA

  • IoT 101
  • IoT Definition
  • IoT Ecosystem
  • IoT Assets
  • IoT Platforms
  • IoT Protocols

11:00-11:30

Coffee Break

program

Introduction to IoT Security and typical IoT attacks

Speaker: Apostolos Malatras, Christina Skouloudi, ENISA

  • IoT Security
  • IoT Security Challenges
  • IoT Threat Landscape
  • IoT Attack scenarios

12:30 - 14:00

Lunch

program

Lab exercise on BLE attacks

Speaker: Damien Cauquil, Digital Security

This lab exercise will focus on various attacks on the very common IoT communication protocol, BLE (Bluetooth Low Energy).
The agenda will be structured as follows:

  • BLE overview
    • Specs
    • How it works
  • Sniffing process
    • Tools
    • Ubertooth
    • Pitfalls
    • Why it is difficult to achieve it

15:15 - 15:45

Coffee Break

program

Lab exercise on BLE attacks

Speaker: Damien Cauquil, Digital Security

This lab exercise will focus on various attacks on the very common IoT communication protocol, BLE (Bluetooth Low Energy).
The agenda will be structured as follows:

  • MITM
    • BLE pairing
    • Secure pairing
    • Btlejuice (new tool
  • Examples of passive and active scanning
    • Smart locks
    • Other devices

program

Incident Handling overview: Basis of Incident handling

Speaker: Adrian Belmote

  • Incident handling workflow
  • Roles definition
  • Constituency and services definition
  • PoC (Point of Contacts establishment)

11:00 - 11:30

Coffee Break

program

Incident Handling overview: Basis of Incident handling

Speaker: Adrian Belmote

12:30 - 14:00

Lunch

Incident classification, analysis and resolution

Speaker: Cosmin Ciobanu

  • Incident classification
    • Taxonomy
    • Triage
  • Incident analysis and resolution
    • Basic Malware and artefact analysis
    • Line of actions definition
  • Incident reporting and final remarks

15:15 - 15:45

Coffee Break

Incident classification, analysis and resolution

Speaker: Cosmin Ciobanu

program

CTI overview: Terms, Definitions, Available Models

Speaker: Professor Christian Doerr, TU Delft
Speaker short CV

Prof. Doerr works in the broad area of network security and critical infrastructure protection. His research focus is designing resilient network systems, localizing and estimating current threats through real-time situational awareness in networks as well as conducting threat intelligence on adversaries.
Prior to joining Delft University of Technology, he was at the University of Colorado, USA, where he received his Ph.D. in Computer Science and Cognitive Science. While most of his work focuses on technology, he also integrates socio-technical aspects of cyber security with this background in his research.

  • CTI Models (kill chain, OODA, Diamond Model, F3EAD, etc..)
  • Examples
  • Key CTI Concepts
  • Kinds and scope – operational, tactical, strategic CTI
  • Interfaces to other security processes

11:00 - 11:30

Coffee Break

program

CTI overview: Terms, Definitions, Available Models

Speaker: Professor Christian Doerr, TU Delft

12:30 - 14:00

Lunch

CTI Capability Maturity Model

Speaker: Marco Barros Lourenco

  • Issues of CTI capability
  • Various levels of CTI maturity
  • Good practices of CTI capability according to organisation
  • Manage level of expectation/fulfilment - CTI KPIs/Metrics

15:15 - 15:45

Coffee Break

Deriving CTI from available data

Speaker: Piotr Kijewski, Shadowserver

  • Common types of threat feeds available to CERTs/CSIRTS
  • Derivation of threat intelligence from delivered feeds
  • Applying threat information for actionable response
  • Perform victim remediation
  • How to automate handling of feeds: practical example based on available data from Shadowserver
  • Introduction to Post Quantum Cryptography track at ENISA summer school

    Speaker: Rodica Tirtea
    ENISA

    Tanja Lange

    Cryptology, cryptography, cryptanalysis. Definitions, meanings, requirements, and current challenges

    Speaker: Prof. Tanja Lange
    Speaker short CV

    Prof Dr. Tanja Lange joined the Technische Universiteit Eindhoven (The Netherlands) as Full Professor in 2006. Her work bridges the gaps between algebraic geometry, theoretical cryptography, and real-world information security. She is an expert on curve-based cryptography and post-quantum cryptography.
    Prof. Dr. Lange is on the editorial board for 3 journals and serves on 3 steering committees, including the workshop series on Post-Quantum Cryptography. She coordinated the EU-H2020 project PQCRYPTO -- Post-quantum cryptography for long-term security https://pqcrypto.eu.org
    She is a regular speaker at crypto and security conferences and has written more than 70 articles and books, including a paper in Nature on Post-Quantum Cryptography.

    11:00 - 11:30

    Coffee Break

    Nineta Polemi

    Policies in the Quantum era

    Speaker: Prof. Nineta Polemi
    Speaker short CV

    Nineta Polemi has obtained a Ph.D. in Applied Mathematics (Coding Theory) from The City University of New York (Graduate Center). She held teaching positions in Queens College, Baruch College of City University of New York and the State University of New York. She acted as President of the BoD and Technical Manager in the security consultancy company ExpertNet. She is currently Programme Manager in the European Commission in DG CONNECT (Cyber Security and Digital Privacy Unit H1), she is under suspension of duties as tenure Associate Professor in the University of Piraeus (Dept. of Informatics) and as Director of the UNIPI Security Lab. She has taught cryptography, security of ICT systems, port security and e-business. She has over one hundred publications, organised numerous security scientific events and has received a plethora of research grants. She has been PM and TM in over than 50 security projects of various international, EU and national programmes including National Security Agency (NSA), Dr. Nuala McGann Drescher Foundation, Greek Ministry of Defence, INFOSEC, IST Programme, FP5-FP7 and Horizon2020 EU Programmes.

    12:30 - 14:00

    Lunch

    program

    EU investment in quantum computing

    Speaker: Kalbe Gustav
    Speaker short CV

    Head of Unit of the newly created High Performance Computing and Quantum Technology unit, DG Communications Networks, Content and Technology, European Commission Dr. Gustav Kalbe is German, born in Belgium. From 1986 to 1990 he studied Applied Physics at the Université Catholique de Louvain, Belgium. In 1991 he studied Applied Optics at the Imperial College of Science in London. In 1995 he completed his studies and earned a PhD in Physics, Molecular Spectroscopy, at the Université Catholique de Louvain, Belgium.
    In 1995 he began working as a project manager in photonic networks at Belgacom S.A., where he was R&D manager when he left the company.
    In 1998 he joined the Directorate General Information Society & Media of the European Commission where he started working as a Project Officer managing research projects of the European Framework Programs for Research. The main areas covered were optical telecommunications, photonics, quantum information processing, ICT security and foundational ICT research. Gustav Kalbe was among the Project officers that launched the 1st European Initiative of Quantum Technologies in 1999 and has stayed involved in this field throughout his different assignments in the European Commission.
    In 2014 Gustav Kalbe became Head of Unit for Administration & Finance in the European Commission, in Directorate General Communications Networks, Content and Technology. In 2016 he was appointed Head of Unit of the newly created High Performance Computing and Quantum Technology unit in Directorate General Communications Networks, Content and Technology.

    Via video conference High Performance Computing & Quantum Technologies, DG Com. Networks

    program

    What do quantum computers do?

    Speaker:Daniel J. Bernstein
    Speaker short CV

    Daniel J. Bernstein is the designer of the "tinydns" software used by Facebook to publish server addresses, the "ChaCha20" cipher used to encrypt Chrome's HTTPS connections to Google, the "dnscache" software used by OpenDNS to handle address requests from 65 million Internet users, the "SipHash" hash function (co-designed with Jean-Philippe Aumasson) used by Python to protect against hash-flooding attacks, the "qmail" software used by Yahoo to receive mail, and the "Curve25519" public-key system used by WhatsApp for end-to-end encryption.

    15:15 - 15:45

    Coffee Break

    Introduction to Post Quantum cryptography. Standardisation status

    Speaker: Michael Groves
    Speaker short CV

    Michael Groves is a technical director for cryptographic research at NCSC, having held a number of research positions over a period of about 20 years. He has also had a variety of advisory roles on cryptography and cyber security and has been prominent in the public debate on quantum topics in the UK. Michael is the author of three internet RFCs on identity-based cryptography (IETF RFCs 6507, 6508 and 6509) which have been adopted and standardized by 3GPP for public safety applications. For the past four years he has served as Vice Chair of the specialist ETSI Industry Specification Group studying quantum-safe cryptography.

    Bart Preneel

    Challenges and opportunities. Business cases for Quantum key distribution

    Speaker:Prof. Bart Preneel
    Speaker short CV

    Bart Preneel is a full professor at the KU Leuven, where he heads the Imec-COSIC research group, that has 80 members. He has authored numerous scientific publications & is inventor of five patents. His research interests are cryptography, cybersecurity & privacy. He is president of LSEC & has been president of the IACR (International Association for Cryptologic Research).
    Bart has been invited speaker at more than 120 conferences in more than 40 countries. In 2014 he received the RSA Award for Excellence in the Field of Mathematics & in 2016 he received the Kristian Beckman Award from IFIP TC11.

    program

    Assessment of IoT security frameworks

    Speaker: Apostolos Malatras, Christina Skouloudi, ENISA

    • OWASP IoT Framework Assessment
    • ENISA Baseline IoT Security
    • GSMA IoT Security Guidelines and Assessment

    11:00-11:30

    Coffee Break

    program

    Assessment of IoT security frameworks

    Speaker: Apostolos Malatras, Christina Skouloudi, ENISA

    • ENISA IoT Security Measures Tool
    • Wrap-up
    • Takeaways

    12:30 - 14:00

    Lunch

    program

    Lab exercise on assessment and implementation of IoT security frameworks

    Speaker: Hannes Tschofenig, ARM Ltd.

    In the morning session you will learn about the IoT security frameworks developed by ENISA, GSMA and OWASP.

    In this session you will be put into the role of a product manager, who has to determine whether the security recommendations have indeed been met. Organized in small teams you will be looking at production-quality code and network traces to answer the security assessment challenges in this hands-on session.

    What can you expect? You will learn how to apply the security recommendations to real-world implementations. We expect this to be a discussion intensive session!

    15:15 - 15:45

    Coffee Break

    program

    Lab exercise on assessment and implementation of IoT security frameworks

    Speaker: Hannes Tschofenig, ARM Ltd.

    Continuation of the session started at 14:00. For those who are interested in a post-session exercise the group will meet in the hotel bar to get IoT code running on the FRDM-K64F running the Cortex-M4 processor.

    program

    Incident handling and basic artifact analysis

    Speaker: Adrian Belmote

    • Artefact categorization & Prioritization
    • Network Artefact Collection
    • Tools
    • Forensics Procedures
    • Building a Timeline

    11:00 - 11:30

    Coffee Break

    program

    Incident handling and basic artifact analysis

    Speaker: Adrian Belmote

    12:30 - 14:00

    Lunch

    Practice triage and incident handling processes

    Speaker: Cosmin Ciobanu

    • Quiz / Examination
    • Real life scenarios
    • Mitigation Strategy

    15:15 - 15:45

    Coffee Break

    Practice triage and incident handling processes

    Speaker: Cosmin Ciobanu

    CTI: good practices and tools

    Speaker: Andreas Sfakianakis, Independent CTI expert

    • Introduction to Intelligence Requirements
    • Intelligence Report Writing
    • APT Landscape and Threat Actor Tracking
    • Example CTI report writing

    11:00 - 11:30

    Coffee Break

    CTI: good practices and tools

    Speaker: Andreas Sfakianakis, Independent CTI expert

    12:30 - 14:00

    Lunch

    Operational and tactical CTI: good practices and tools

    Speaker: Stavros Lingris, CERT EU

    • Example with operational data analysis: Maltego
    • Sharing Intelligence: what , when and how
    • CTI and Active Defence: definitions, goals, advantages, techniques and tools

    15:15 - 15:45

    Coffee Break

    Operational and tactical CTI: good practices and tools

    Speaker: Stavros Lingris, CERT EU

    program

    Lattice based post quantum cryptography

    Speaker: Vadim Lyubashevsky
    IBM

    Speaker short CV

    Vadim Lyubashevsky is a researcher in the cryptography group at IBM Research – Zurich. His main area of research is post-quantum cryptography based on the hardness of lattice problems. In particular, he has done extensive foundational work on constructions of efficient cryptographic primitives, including encryption, digital signatures, and zero-knowledge proofs, based on the hardness of ideal-lattice problems. His designs have been used as blueprints for submissions, by many various groups, to the ongoing NIST post-quantum standardization process. Vadim's research is currently supported by a starting ERC grant FELICITY.
    Vadim received his Ph.D. in 2008 from UCSD, after which he spent two years as a post-doc at Tel-Aviv University. Prior to joining IBM, he was a researcher at Inria in France from 2010 - 2015.

    program

    Practical implementation of lattice-based cryptography

    Speaker: Prof Maire O'Neill
    Queen’s University of Belfast

    Speaker short CV

    Prof Máire O’Neill is Principal Investigator of Queen’s University of Belfast’s Centre for Secure Information Technologies (CSIT). She is currently Director of the UK Research Institute in Secure Hardware and Embedded Systems (RISE: https://www.ukrise.org/). She also leads the EU H2020 SAFEcrypto (Secure architectures for Future Emerging Cryptography) project (www.safecrypto.eu). She previously held an EPSRC Leadership Fellowship (2008-2014) and was a former holder of a UK Royal Academy of Engineering research fellowship (2003-2008). She has received numerous awards for her research work which include a 2014 Royal Academy of Engineering Silver Medal and British Female Inventor of the Year 2007. She has authored two research books and has over 140 international peer-reviewed conference and journal publications. She is Associate Editor for IEEE Transactions on Computers and IEEE Transactions on Emerging Topics in Computing and has acted as guest editor for a number of journals, including a special issue on ‘Cryptography in the coming decade’ in ACM Trans. on Embedded Computing (2015). Her research into high-speed AES security was successfully commercialised by Amphion Semiconductors and collaborative research with ETRI on a novel security architecture for Electric Vehicle

    11:00 - 11:30

    Coffee Break

    Case study on PQ identity-based cryptography

    Speaker: Michael Groves
    Speaker short CV

    Michael Groves is a technical director for cryptographic research at NCSC, having held a number of research positions over a period of about 20 years. He has also had a variety of advisory roles on cryptography and cyber security and has been prominent in the public debate on quantum topics in the UK. Michael is the author of three internet RFCs on identity-based cryptography (IETF RFCs 6507, 6508 and 6509) which have been adopted and standardized by 3GPP for public safety applications. For the past four years he has served as Vice Chair of the specialist ETSI Industry Specification Group studying quantum-safe cryptography.

    12:30 - 14:00

    Lunch

    program

    Hash-based Signatures

    Speaker: Stefan-Lukas Gazdag
    genua GmbH

    Speaker Short CV

    Stefan-Lukas Gazdag is research engineer and firewall developer at genua GmbH. After starting out with network security, monitoring of security critical systems, intrusion detection and event management he switched his interest field to cryptography. Currently he works on bringing post-quantum cryptography into practice. He holds a Master of Science in Computer Science.

    program

    Code-based Cryptography (I)

    Speaker: Daniel Loebenberger
    genua GmbH

    Speaker Short CV

    Daniel Loebenberger earned his doctorate in 2012 at the University of Bonn in the area of applied cryptography. He then continued to research and teach in Bonn at the Bonn-Aachen International Center for Information Technology (b-it). Since the beginning of 2016, he has been working as an IT security expert with a focus on cryptography at genua GmbH, Munich. Among others, he is currently researching practical feasibility of quantum-resistant VPNs.

    15:15 - 15:45

    Coffee Break

    program

    Code-based Cryptography (II)

    Speaker: Daniel Loebenberger
    genua GmbH

    Speaker Short CV

    Daniel Loebenberger earned his doctorate in 2012 at the University of Bonn in the area of applied cryptography. He then continued to research and teach in Bonn at the Bonn-Aachen International Center for Information Technology (b-it). Since the beginning of 2016, he has been working as an IT security expert with a focus on cryptography at genua GmbH, Munich. Among others, he is currently researching practical feasibility of quantum-resistant VPNs.

    program

    Protocol integration and implementation problems

    Speaker: Stefan-Lukas Gazdag
    genua GmbH

    Speaker Short CV

    Stefan-Lukas Gazdag is research engineer and firewall developer at genua GmbH. After starting out with network security, monitoring of security critical systems, intrusion detection and event management he switched his interest field to cryptography. Currently he works on bringing post-quantum cryptography into practice. He holds a Master of Science in Computer Science.

    program

    The libpqcrypto software library for post-quantum cryptography

    Speaker:Daniel J. Bernstein
    Speaker short CV

    Daniel J. Bernstein is the designer of the "tinydns" software used by Facebook to publish server addresses, the "ChaCha20" cipher used to encrypt Chrome's HTTPS connections to Google, the "dnscache" software used by OpenDNS to handle address requests from 65 million Internet users, the "SipHash" hash function (co-designed with Jean-Philippe Aumasson) used by Python to protect against hash-flooding attacks, the "qmail" software used by Yahoo to receive mail, and the "Curve25519" public-key system used by WhatsApp for end-to-end encryption.

    Plenary of all trainings

    • Presentation 'Post-quantum crypto. Summary of recommendations' , By: Prof. Tanja Lange

      Prof Dr. Tanja Lange joined the Technische Universiteit Eindhoven (The Netherlands) as Full Professor in 2006. Her work bridges the gaps between algebraic geometry, theoretical cryptography, and real-world information security. She is an expert on curve-based cryptography and post-quantum cryptography.
      Prof. Dr. Lange is on the editorial board for 3 journals and serves on 3 steering committees, including the workshop series on Post-Quantum Cryptography. She coordinated the EU-H2020 project PQCRYPTO -- Post-quantum cryptography for long-term security https://pqcrypto.eu.org
      She is a regular speaker at crypto and security conferences and has written more than 70 articles and books, including a paper in Nature on Post-Quantum Cryptography.

    • Present IoT security to executives
    • Present Incident Handling to executives
      • Team presentation to “virtual” decision makers: Incident Handling pros and cons for “Inno-Soft SME”
      • Incident Handling maturity levels, tools, human resources, costs
    • Present CTI Approach to executives
      • Team presentation to “virtual” decision makers: CTI solution for “Inno-Soft SME”
      • CTI capability/maturity level, tools, human resources, costs

    Clossing Session

    12:30 - 14:00

    Lunch

    16:45 - 19:30
    Knossos

    End of Event

    Visit to archaeological site of Knossos

    Venue & Accomodation

    The venue of the Summer School is Galaxy Hotel Iraklio . Galaxy Hotel is simply the place to be whether you seek to combine business with leisure or leisure with pleasure.

    Hotel Reservation:

    Hotel reservation will be available through the registration process, subject to availability

    Travel Information

    Information about how to get to the conference venue Galaxy hotel can be found in the link provided from the hotel: How to Reach Galaxy Hotel

    Registration

    There are four types of registration available:

    • Complete: Participant can attend all events
    • Conference only: Participant can attend the conference event only
    • Training Course only: Participant can attend one of the 4 available training courses, subject to availability:
      • Internet of Things Security
      • Incident Handling
      • Cyber Threat Intelligence
      • Introduction to Post Quantum Cryptography
    • Poster presentation: Includes invitation for 2 persons

    Registation Fees

    industry academia/public sector students
    Complete Event 500 € 400 € 200 €
    Conference only 250 € 200 € 100 €
    Training session only 250 € 200 € 100 €
    Poster Presentation 500 € 500 € 500 €

    Registration is available through:

    CCBS GREECE P.C. Cretan Conference and Business Services P.C
    6 Pediados Str, 71201, Heraklion GR
    Tel: +30 2810 331010, Fax: +30 2810 330606

    A cancellation fee of €50 applies. No cancellation will be allowed after July 30, 2018. If you cannot attend you may transfer the registration to another person.

    Contact Information


    European Union Agency for
    Network and Information Security Agency

    1 Vasilissis Sofias Str Maroussi 151 24
    Attiki, Greece
    Tel: +30 28 14 40 9711


    Foundation for Research and Technology - Hellas


    N. Plastira 100, Vassilika Vouton
    Heraklion, GR-700 13, Crete, Greece
    Tel.: +30 2810 391945