CYBER-DEFENCE FELLOWSHIPS: Ksandros Apostoli
To promote research and education in cyber-defence, EPFL and the Cyber-Defence (CYD) Campus launched in 2020 the rolling call for Master Thesis Fellowships – A Talent Program for Cyber-Defence Research.
This month we are introducing you Ksandros Apostoli, the recipient of the fourth CYD Master Thesis Fellowship. Ksandros is in the second year of his Master studies in the Computer and Communication Sciences Section, at the Decentralised and Distributed Systems Engineering Laboratory at EPFL.
How did you find out about the CYD Fellowships and what motivated you to apply?
At first, I came across the Cyber-Defence Campus Fellowship programs thanks to several informative e-mails in my EPFL mailbox. Later, during one of my classes, I had the chance to participate in a presentation given by Dr. Martin Strohmeier from the CYD Campus, who better described the nature and mission of the initiative. At the same time, one of my good friends and colleagues, Louis Merlin, also applied for the fellowship and eventually he was awarded the grant. Overall, I saw a great opportunity in the fellowship program, allowing me to work longer on my project, and involve myself in the community of the CYD Campus that is highly concerned with cybersecurity research. Last but not least, the mentorship and financial support were certainly among the main motivators too, allowing me to have an additional piece of valuable advice during my work, while offering me a financial convenience to fully focus on my project.
What is your CYD Fellowship project about?
In simple terms, my project aims to tackle an old but tricky duality problem: that between privacy and accountability. The majority of us hold tens and often hundreds of sets of credentials that make the access and usage of digital resources possible, which is already a core part of our daily routines. On one hand, the excessive amount of personal information within these credentials has given rise to serious privacy concerns. On the other hand, reducing the amount of information about the holder of a credential, makes accountability particularly difficult in the case of malicious behaviour. In other words, how is it possible to track or hold accountable a malicious user, if there is not enough information to identify that user in the first place? Fortunately, there appears to be a way of solving this seemingly impossible duality, by binding one’s digital identity to their physical existence, i.e. personhood, rather than on personally identifiable information. Concretely, in my project, I am researching methods for building a credential system that relies on precisely this notion, known as Proof-of-Personhood for accountability, while utilising state-of-the-art cryptographic primitives to offer strong and enhanced privacy guarantees.
What are the advantages of conducting your master thesis project at the CYD Campus?
Cybersecurity still consists of a relatively narrow circle of people, and especially in Switzerland. Therefore, in my opinion, it is important to have initiatives such as the CYD Campus that bring this community together and allow them to interact and cooperate. When writing a thesis, this interaction and cooperation is crucial of course, as I am able to continuously discuss my work progress and get valuable feedback that helps me steer my focus in the right direction. Furthermore, extending my project from the standard 4-month period to 6 months, will surely allow for deeper insights and more thorough work in my thesis. Lastly, having a space at the CYD Campus offices in Zürich, certainly makes work easier, and a living allowance is always nice to have as a student.
Did you as a child dream of working in cyber-defence?
Not really. As a child I remember breaking a few of the computers we had at home over the years because of my curiosity in trying out things on them. Fortunately, as I grew up my interest in computers became less destructive, and during high school I started exploring programming on my own. However, up until that point it was a hobby and not a career path. I even enrolled in a program in medicine, which is in fact where I realized that nothing was attracting me as much as computer science, so I immediately switched fields after one year. My interest in cyber-security arose a bit later, when I was studying Mathematics as my second major. At that time I first came across cryptography and became fascinated by the idea that you can use number theory and abstract algebra to achieve a formal notion of security. From that point on, my curiosity in cybersecurity grew, which is also why I decided to enrol in the cybersecurity program offered by EPFL and ETHZ.
What is driving you to pursue research in cyber-defence?
I think that cybersecurity itself resembles a cat and mouse problem: defence always tries to come up with new, better solutions to guarantee security, but it is almost always just a matter of time before people in offense come up with even better methods for breaking them. This makes the field particularly interesting, especially if you enjoy constant challenges, which I do. In fact, I find myself interested in both cyber-defence and offense, but while I like to get my hands dirty for the offensive part, for instance by trying to attack concrete systems, like in CTF competitions, I find research to be more valuable in cyber-defence, allowing for the use of imagination in creating new approaches for making information systems more secure and private.
What is the most important lesson you have learned in your scientific career so far?
There will always be assumptions, at least a few, so instead of trying to avoid them at any cost, try to understand them and come up with solutions that clearly acknowledge them. Once you perfect such solutions, the assumptions you made will become your next lead in achieving something bigger.
What are you most proud of in your career to date?
In terms of an academic career, I have always strived to learn all that I could at each step throughout the process. This has come with the additional benefit of several awards throughout the years, be it in competitive programming challenges, olympiads in mathematics or special honours in both mathematics and computer science during my bachelor’s as top of my class. Now that I have started my master’s, I still feel proud of my academic record, even though this competitive spirit that used to be stronger when I was younger is slowly being replaced by the pleasure I take from understanding new things in more abstract ways such as research rather than practical challenges.
Outside the lab, what do you enjoy doing most?
I enjoy always being on the lookout for new things that give me pleasure, rather than enlisting only a number of such things. However, some of my longer-term leisure companions are CTF or programming competitions, cycling, range shooting, and perhaps just simply exchanging ideas with new people I meet.
What are your expectations about the CYD Fellowship?
Given the scope of the project, which I enjoy a lot, and the progress up to this point, I truly hope I will be able to provide useful and utilisable work at the end of my fellowship, which will ultimately be used towards a more practically secure digital realm.
Could you share some tips with future applicants who are considering applying for the CYD Fellowships?
The most important tip I could give to anyone, is to not hesitate in applying. The second tip, is to start early enough with the application, which means takeing some time in advance to consider the topic and criteria. Even though the application is fairly straight-forward and well-explained, it is relatively lengthy, and you do not want to rush through everything in the last moment as I did.
The CYD Fellowships are supported by armasuisse Science and Technology.