Cybersecurity is the protection of computer systems and networks from the theft of or damage to their hardware, software, or electronic data, as well as from the disruption or misdirection of the services they provide. This research area studies secure systems including human factors, software and hardware.


N. Asokan (Secure Systems Research Group) Aalto University

Tuomas Aura (Secure Systems Research Group) Aalto University

Chris Brzuska Aalto University

Lachlan Gunn Aalto University

Janne Lindqvist (Aalto Human-Computer Interaction and Security Engineering Lab, Focus area deputy leader) Aalto University

Valtteri Niemi (Focus area leader) University of Helsinki


HAIC Talks: The HAIC public outreach initiative aims to make cybersecurity more accessible to a broader audience. As part of this initiative, are organizing HAIC Talks, a series of public lectures on contemporary topics in cybersecurity. In the style of studia generalia, these lectures are free and open to everyone. No background knowledge in cybersecurity is required. HAIC Talks are made possible through the generous support of the Aalto University School of Science.


Research Highlights

Hardware Platform Security for Mobile Devices is a new book, published in Now’s Foundations and Trends in Privacy and Security series. A preprint is available here.

Today, personal mobile devices like smartphones and tablets are ubiquitous. People use mobile devices for fun, for work, and for organizing and managing their lives, including their finances. This became possible because over the last two decades, mobile phones evolved from closed platforms intended for voice calls and messaging to open platforms whose functionality can be extended in myriad ways by third party developers. Such wide-ranging scope of use also means widely different security and privacy requirements for those uses. The mobile device ecosystem involved multiple different stakeholders such as mobile network operators, regulators, enterprise information technology administrators, and of course ordinary users. So, as mobile platforms became gradually open, platform security mechanisms were incorporated into their architectures so that the security and privacy requirements of all stakeholders could be met. Platform security mechanisms help to isolate applications from one another, protect persistent data and other on-device resources (like access to location or peripherals), and help strengthen software against a variety of attack vectors. All major mobile platforms incorporate comprehensive software and hardware platform security architectures, including mechanisms like trusted execution environments (TEEs).

Over the past decade, mobile devices have been undergoing convergences in multiple dimensions. The distinction between “mobile” and “fixed” devices has blurred. Similar security mechanisms and concepts are being used across different platforms, leading to similar security architectures. Hardware enablers used to support platform security have gradually matured. At the same time, there have also been novel types of attacks, ranging from software attacks like return- and data-oriented programming to hardware attacks like side channels that exploit micro-architectural phenomena. It is no longer tenable to assume that the current hardware security mechanisms underpinning mobile platform security are inviolable.

The time is therefore right to take a new look at mobile platform security, which brings us to this book. We focus on hardware platform security. The book is divided into four parts: we begin by looking at the why and how of mobile platform security, followed by a discussion on vulnerabilities and attacks; we conclude by looking forward discussing emerging research that explores ways of dealing with hardware compromise, and building blocks for the next generation of hardware platform security.

Our intent is to provide a broad overview of the current state of practice and a glimpse of possible research directions that can be of use to practitioners, decision makers, and researchers.

Nimble Out-of-Band Authentication for EAP (EAP-NOOB)

Tuomas Aura, Mohit Sethi, Aleksi Peltonen

The Extensible Authentication Protocol (EAP) provides support for multiple authentication methods. This document defines the EAP-NOOB authentication method for nimble out-of-band (OOB) authentication and key derivation. The EAP method is intended for bootstrapping all kinds of Internet-of-Things (IoT) devices that have no preconfigured authentication credentials. The method makes use of a user-assisted, one-directional, out-of-band (OOB) message between the peer device and authentication server to authenticate the in-band key exchange. The device must have a nonnetwork input or output interface, such as a display, microphone, speaker, or blinking light, that can send or receive dynamically generated messages of tens of bytes in length.

Doi: 10.17487/RFC9140

On Derandomizing Yao’s Weak-to-Strong OWF Construction

Chris Brzuska, Geoffroy Couteau, Pihla Karanko, Felix Rohrbach

The celebrated result of Yao (Yao, FOCS’82) shows that concatenating n⋅p(n) copies of a weak one-way function (OWF) f, which can be inverted with probability 1−1p(n), suffices to construct a strong OWF g, showing that weak and strong OWFs are black-box equivalent. This direct product theorem for hardness amplification of OWFs has been very influential. However, the construction of Yao is not security-preserving, i.e., the input to g needs to be much larger than the input to f. Understanding whether a larger input is inherent is a long-standing open question.

In this work, we explore necessary features of constructions which achieve short input length by proving the following: for any direct product construction of a strong OWF g from a weak OWF f, which can be inverted with probability 1−1p(n), the input size of g must grow as Ω(p(n)). By direct product construction, we refer to any construction with the following structure: the construction g executes some arbitrary pre-processing function (independent of f) on its input, obtaining a vector (y1,⋯,yl), and outputs f(y1),⋯,f(yl). Note that Yao’s construction is obtained by setting the pre-processing to be the identity. Our result generalizes to functions g with post-processing, as long as the post-processing function is not too lossy. Thus, in essence, any weak-to-strong OWF hardness amplification must either (1) be very far from security-preserving, (2) use adaptivity, or (3) must be very far from a direct-product structure (in the sense of having a very lossy post-processing of the outputs of f).

On a technical level, we use ideas from lower bounds for secret-sharing to prove the impossibility of derandomizing Yao in a black-box way. Our results are in line with Goldreich, Impagliazzo, Levin, Venkatesan, and Zuckerman (FOCS 1990) who derandomize Yao’s construction for regular weak OWFs by evaluating the OWF along a random walk on an expander graph—the construction is adaptive, since it alternates steps on the expander graph with evaluations of the weak OWF.

DOI: 10.1007/978-3-030-90453-1_15

FPGA Implementations of 256-Bit SNOW Stream Ciphers for Postquantum Mobile Security

Milad Bahadori, Kimmo Järvinen, Valtteri Niemi

Quantum computing is a serious threat for contemporary cryptography and, in order to address this threat, key sizes used for symmetric cryptography should be doubled, most typically from 128 to 256 bits. The third-generation partnership project (3GPP), the standards organization for mobile communications, is currently in the process of adding support for 256-bit keys into future mobile standards for the purpose of confidentiality and integrity protection. The current standard defines three ciphers with 128-bit keys: AES, SNOW 3G, and ZUC. There are two competing stream ciphers for the replacement of the 128-bit SNOW 3G: a 256-bit variant of SNOW 3G and a new design SNOW-V. SNOW-V has superior performance in software platforms. In this article, we investigate the implementations of these ciphers on field-programmable gate arrays (FPGAs) for both confidentiality and integrity protection. We develop optimized architectures and introduce a new parallelization technique that applies to both ciphers and offers significant throughput improvements in particular when the ciphers are used in the integrity protection modes. Our results show that SNOW-V has a significant performance advantage over the 256-bit SNOW 3G also on FPGAs.

DOI: 10.1109/TVLSI.2021.3108430

On Post-Quantum Identification in 5G

Mohamed Taoufiq Damir   Valtteri Niemi

We introduce PQ 5G AKA, a prototype for possible extensions of the current 5G authentication and key agreement protocol to the post-quantum setting, we further analyse the computational and communication complexities of our prototype using potential post-quantum KEMs


Public Views on Digital COVID-19 Certificates: a Mixed Methods User Study

Leysan Nurgalieva, Aalto University, Seamus Ryan, Trinity College Dublin, Andreas Balaskas, Trinity College Dublin, Janne Lindqvist, Aalto University, Gavin Doherty, Trinity College Dublin
The COVID-19 pandemic has led governments worldwide to introduce various measures restricting human activity and mobility. Along with the administration of COVID-19 vaccinations and rapid testing, socio-technological solutions such as digital COVID-19 certificates have been considered as a strategy to lessen these restrictions and allow the resumption of routine activities. Using a mixed-methods approach – a survey (n=1008) and 27 semi-structured interviews – this study explores the attitudes of residents in the Republic of Ireland towards the idea of introducing digital COVID-19 certificates. We examine the topics of acceptability, fairness, security and privacy of COVID-related personal data, and practical considerations for implementation. Our study reveals the conditional and contextual nature of the acceptability of digital certificates, identifying specific factors that affect it, associated data practices, and related public concerns and expectations of such technologies.