Professor Atefeh (Atty) Mashatan joined the School of Information Technology Management of Ryerson University in 2016. Her research focus has been on Information Systems Security, Cryptography, and Combinatorics.
Prior to joining Ryerson University, Dr. Mashatan was a Senior Information Security Consultant and Solutions Architect at CIBC (Canadian Imperial Bank of Commerce), 2012-2016, with a focus on cryptography and enterprise architecture where she led numerous solution design, implementation, and validation of strategic projects - many of which were NDA initiatives. Working with business technology partners, she also led the evaluation of newly proposed and existing security systems and provided subject matter expertise to the threat and risk management and enterprise gating partners.
Prior to that Dr. Mashatan was a Scientific Collaborator at the Security and Cryptography Laboratory of School of Computer and Communication Sciences, EPFL (Swiss Federal Institute of Technology, Lausanne), 2009-2012, where she conducted research on design and analysis of cryptographic protocols, such as authentication and revocation, by means of mathematical tools. She also collaborated with Nokia Research Centre and her work resulted in a patent.
Dr. Mashatan obtained her PhD from the University of Waterloo, under the supervision of Professor Douglas Stinson, and her Certificate in University Teaching from the Centre for Teaching Excellence. She is a Certified Service Oriented Architect (SOA) with Honours. She obtained the Certified Information Systems Security Professional (CISSP) certification from International Information Systems Security Certification Consortium (ISC2) in 2015.
Dr. Mashatan has an external,Erdős Number of 2! This is the best a researcher can achieve since 1996 when Paul Erdős passed away.
Areas of Expertise (9)
University of Waterloo: PhD, Mathmatics
Selected Media Appearances (4)
Companies see the cyber threat, but spending on security is a different matter
Financial Post online
'Ryerson University business professor Atefeh Mashatan estimates Canada had one compromised machine for every 13,138 people, which amounts to roughly 2,740 machines. Mashatan says it is unclear how many belonged to businesses and how many belonged to other organizations.'
KL reacts to cyber attacks
Northern News online
'Atty Mashatan, a professor at Ryerson University’s School of Information Technology Management, said it was nothing more than a fluke that Canada appears to have been largely spared from Friday’s ransomware attack.'
Experts cite security gaps as 'WannaCry' attacks abate
Globe Advisor online
'Experts such as Atefeh Mashatan, an assistant professor of information systems security at Ryerson University, are questioning whether Microsoft should have released its patch for all systems, and reconsider its policies not to offer regular security updates for obsolete software. "If it has ramifications as big as this, why don't they pro-actively release a patch?" Dr. Mashatan asked.'
What you need to know about WannaCry ransomware
Inside Toronto online
'Metroland Media spoke with cybersecurity expert, Atty Mashatan with Ryerson University about what it all means, how we can protect ourselves and what to do if your device is infected.'
Selected Articles (4)
Asli Bay, Atefeh Mashatan, and Serge Vaudenay
Iterated attacks are comprised of iterating adversaries who can make d plaintext queries, in each iteration to compute a bit, and are trying to distinguish between a random cipher C and the perfect cipher C ∗ based on all bits. Vaudenay showed that a 2d-decorrelated cipher resists to iterated attacks of order d when iterations have almost no common queries. Then, he first asked what the necessary conditions are for a cipher to resist a non-adaptive iterated attack of order d. I.e., whether decorrelation of order 2d − 1 could be sufficient. Secondly, he speculated that repeating a plaintext query in different iterations does not provide any advantage to a non-adaptive distinguisher. We close here these two long-standing open problems negatively. For those questions, we provide two counter-intuitive examples.W e also deal with adaptive iterated adversaries who can make both plaintext and ciphertext queries in which the future queries are dependent on the past queries. We show that decorrelation of order 2d protects against these attacks of order d. We also study the generalization of these distinguishers for iterations making non-binary outcomes. Finally, we measure the resistance against two well-known statistical distinguishers, namely, differential-linear and boomerang distinguishers and show that 4-decorrelation degree protects against these attacks.
Ehsan Malekian, Atefeh Mashatan, and Ali Zakerolhosseini
In this paper we will construct a lattice-based public-key cryptosystem using non-commutative quaternion algebra, and since its lattice does not fully fit within Circular and Convolutional Modular Lattice (CCML), we prove it is arguably more secure than the existing lattice-based cryptosystems such as NTRU. As in NTRU, the proposed public-key cryptosystem relies for its inherent security on the intractability of finding the shortest vector in a certain non-convolutional modular lattice, yet it is efficient and cost effective, contrary to cryptosystems such as RSA or ECC. The detailed specification of the proposed cryptosystem, including the underlying algebraic structure, key generation, encryption and decryption process and also the issues regarding key security, message security, and probability of successful decryption are explained. We will further show, based on the existing results for lattice-reduction algorithms, that the proposed cryptosystem with a dimension of 41 will have a security equal to NTRU-167.
Atefeh Mashatan and Douglas R. Stinson
We investigate unconditional security for message authentication protocols that are designed using two-channel cryptography. (Two-channel cryptography employs a broadband, insecure wireless channel and an authenticated, narrow-band manual channel at the same time.) We study both noninteractive message authentication protocols (NIMAPs) and interactive message authentication protocols (IMAPs) in this setting. First, we provide a new proof of nonexistence of nontrivial unconditionally secure NIMAPs. This proof consists of a combinatorial counting argument and is much shorter than the previous proof by Wang and Safavi-Naini, which was based on probability distribution arguments. We also prove a new result which holds in a weakened attack model. Further, we propose a generalization of an unconditionally secure 3-round IMAP due to Naor, Segev and Smith. The IMAP is based on two ϵ-Δ universal hash families. With a careful choice of parameters, our scheme improves that of Naor et al. Our scheme is very close to optimal for most parameter situations of practical interest. Finally, a variation of the 3-round IMAP is presented, in which only one hash family is required.
Ian Goldberg, Atefeh Mashatan, and Douglas R. Stinson
We look at message recognition protocols (MRPs) and prove that there is a oneto-one correspondence between stateless non-interactive MRPs and digital signature schemes. Next, we examine the Jane Doe protocol and note its inability to recover in case of a certain adversarial disruption. We propose a variant of this protocol which is equipped with a resynchronization technique that allows users to resynchronize whenever they wish. Moreover, we propose another protocol which self-recovers in case of an intrusion. This protocol incorporates the resynchronization technique within itself. Further, we enumerate all possible attacks against this protocol and show that none of the attacks can occur. Finally, we prove the security of the new protocol and its ability to selfrecover once the disruption has stopped. Finally, we propose an MRP which provides explicit confirmation to the sender on whether or not the message was accepted by the receiver.