lecturing

Understanding Stream Ciphers with LFSRs

/ bugejajoseph / Leave a comment

Last week, I delivered a lecture at the University of Malta on stream ciphers, building on our previous session on pseudorandom number generation. We had previously covered PRNGs and CSPRNGs, providing the foundation for understanding secure encryption methods, leading to our discussion on Linear Feedback Shift Registers (LFSRs) and their role in stream ciphers.

LFSRs are simple yet powerful tools in cryptography. They generate sequences based on their current state and a feedback mechanism, making them useful in stream ciphers due to minimal hardware needs and long outputs. LFSRs consist of a series of flip-flops connected in a chain, with the output of some flip-flops XORed and fed back into the input. This feedback loop creates a pseudorandom sequence of bits, which can be used as a keystream for encryption.

Students explored how LFSRs create cryptographic bitstreams, essential for understanding more advanced systems. Below is a Python code snippet of a basic 4-bit LFSR, illustrating how its state evolves and new bits are generated through feedback.

state = 0b1001
for i in range(20):
print("{:04b}".format(state))
newbit = (state ^ (state >> 1)) & 1
state = (state >> 1) | (newbit << 3)

My First Lecture at the University of Malta

/ bugejajoseph / Leave a comment
Snapshot of the title slide captured prior to the lesson.

I initiated the Applied Cryptography course at the University of Malta on Monday evening. As a cyber security professional and academic with a strong commitment to the field of information security, I am genuinely excited to be leading this specialized academic course this year.

Throughout the introductory lecture, I delved into the foundational concepts of cryptology, emphasizing its profound relevance within contemporary security applications. The pedagogical discourse traversed a diverse spectrum of topics, encompassing cryptographic mechanisms, the examination of classical substitution ciphers and their formal representations, a concise introduction to cryptanalysis, and more.

I am excited to be a part of this journey and look forward to the next lecture in this course on Monday!

Hosting Virtual Classes using Zoom and Discord

/ bugejajoseph / Leave a comment

On Monday, 18 January, I delivered my first lecture for 2021 in my cybersecurity course at Malmö University. This year, is my 5th year running this course, and I have about 120 students registered for the course. This is a good turnout, and I am happy that many students are keen to learn about cybersecurity. Unlike previous years, the full course, including all its deliverables are going to be held online.  So, anyone provided with the link to the lecture and an Internet connection can access the lecture live, potentially from anywhere without the need to commute to university.

When it comes to lectures, I am using Zoom as the main software program to share my slides and interact with students. One of the cool features of Zoom, which is similar to that of a traditional classroom, is its whiteboard. Effectively, Zoom allows the host to share a digital whiteboard that can be used in a similar way to a physical whiteboard but supporting more options. When using Zoom’s whiteboard, I commonly connect my tablet to the meeting and start sketching out using a digital pen. It can be quite challenging to draw a diagram using only a computer mouse. 

Sharing the Whiteboard on Zoom

Sharing the whiteboard on Zoom.

Another nice feature of Zoom, that I started using recently, particularly for managing a workshop, is called “breakout rooms.” This function allows the meeting host to split the participants into smaller groups so that participants can discuss separately in different rooms without disturbing others. I have seen the use of “breakout rooms” in many virtual conferences I have participated in recently. The partitioning into groups can be done automatically or manually, or otherwise, the host can allow participants to select and enter breakout sessions as they please. 

As a complement to “breakout rooms” in Zoom, I am also using Discord for supporting students, especially in their lab practicals. Discord is a VoIP, instant messaging, and digital distribution platform, particularly popular with gamers. In our case, we found Discord to be fast and reliable for handling voice and video simultaneously. Its straightforward participation system also makes it ideal for assisting students in their practicals. 

In case you want to learn more about my experience with digital teaching, please feel free to get in touch or leave a comment below.

Online Lecture about IoT Security

/ bugejajoseph / Leave a comment

On 01 October, I was invited to deliver an online lecture about the topic of securing the Internet of Things (IoT) to Lund University Bachelors students. I have been researching security and privacy on a full-time time basis for the past five years and working on information security for well over a decade.

My lecture consisted of a two-hour presentation, where I focused on some key attacks targeting consumer and industrial IoT applications. Denial-of-service attacks, routing attacks, and service attacks of which we have been talking about for many years have become even more serious. For instance, think about Mirai, the botnet which broke out in 2016, and other malware targeting unsecured IoT devices such as webcams. This is partly happening due to the interconnectedness of the devices, but especially due to a lack of inbuilt security measures. In this regard, Vint Cerf, one of the computer scientists hailed as a founding father of the Internet, said in an ACM panel in 2017:

“The biggest worry I have is that people building [IoT] devices will grab a piece of open source software or operating system and just jam it into the device and send it out into the wild without giving adequate thought and effort to securing the system and providing convenient user access to those devices.”

Although plugging any device to the Internet is becoming the trend especially with the rise of the IoT, I believe that companies should put in more effort into securing their devices prior to releasing them to the consumer market. Unfortunately, it is still common to run simple attacks, such as SQL injections, on IoT devices, and finding them vulnerable to that.

Information Security – Kick-off Lecture

/ bugejajoseph / 1 Comment

Yesterday, on 23rd January 2019, I delivered my first lecture (titled: “Course Overview”) between 8:15 am – 10:00 am part of the Information Security course at Malmö University.  This is the third academic year that I am running this exciting course at Bachelor’s level.

Different to the previous years, this time the course material will be published on Canvas (instead of itslearning), officially I am the course responsible, and the amount of students enrolled on this course exceeds 150 students! This is almost double the amount of students I had two years ago! Indeed, this is very satisfying as a tutor to have so many students that recognise the increasing importance of information security!

ed6a47d0-6d51-4445-87c4-dd2b859dcb21 (1)

Lecture at the “Faculty of Odontology” part of Malmö University.

One of the key points, I mentioned is how the sophistication of attacks is increasing especially since the introduction of Internet of Things (IoT) enabled technologies.

A particular instance of this are attacks being carried out remotely, for instance through the help of drones (war-flying). As a demonstration of this in the clip below, researchers exploit a ZigBee vulnerability (by delivering a malicious Over The Air update) forcing smart Hue light bulbs to flash S.O.S in distress.

What attacks should we expect in the future? Certainly, I would expect to see more of the above and increasingly more autonomous attacks potentially targeting SCADA/ICSs and smart cities causing blackouts and more. Possibly such attacks can be permanent and have irreversible consequences.