hero image
Atty Mashatan - Ted Rogers School of Management. Toronto, ON, CA

Atty Mashatan Atty Mashatan

Assistant Professor, Information Technology Management | Ted Rogers School of Management

Toronto, ON, CANADA

Expert in Information Systems Security and Privacy.


Professor Atefeh (Atty) Mashatan joined the School of Information Technology Management of Ryerson University in 2016. Her research focus has been on Information Systems Security, Cryptography, and Combinatorics.

Prior to joining Ryerson University, Dr. Mashatan was a Senior Information Security Consultant and Solutions Architect at CIBC (Canadian Imperial Bank of Commerce), 2012-2016, with a focus on cryptography and enterprise architecture where she led numerous solution design, implementation, and validation of strategic projects - many of which were NDA initiatives. Working with business technology partners, she also led the evaluation of newly proposed and existing security systems and provided subject matter expertise to the threat and risk management and enterprise gating partners.

Prior to that Dr. Mashatan was a Scientific Collaborator at the Security and Cryptography Laboratory of School of Computer and Communication Sciences, EPFL (Swiss Federal Institute of Technology, Lausanne), 2009-2012, where she conducted research on design and analysis of cryptographic protocols, such as authentication and revocation, by means of mathematical tools. She also collaborated with Nokia Research Centre and her work resulted in a patent.

Dr. Mashatan obtained her PhD from the University of Waterloo, under the supervision of Professor Douglas Stinson, and her Certificate in University Teaching from the Centre for Teaching Excellence. She is a Certified Service Oriented Architect (SOA) with Honours. She obtained the Certified Information Systems Security Professional (CISSP) certification from International Information Systems Security Certification Consortium (ISC2) in 2015.

Dr. Mashatan has an external,Erdős Number of 2! This is the best a researcher can achieve since 1996 when Paul Erdős passed away.

Areas of Expertise (9)

Security in Ad Hoc Pervasive Networks Cryptographic Protocols Information Technology Security and Management Security of Internet of Things Information Systems Security Cybersecurity Privacy Enhancing Technologies Big Data and Data Security Postquantum Cryptography


Education (1)

University of Waterloo: PhD, Mathmatics

Selected Media Appearances (4)

Companies see the cyber threat, but spending on security is a different matter

Financial Post  online


'Ryerson University business professor Atefeh Mashatan estimates Canada had one compromised machine for every 13,138 people, which amounts to roughly 2,740 machines. Mashatan says it is unclear how many belonged to businesses and how many belonged to other organizations.'

view more

KL reacts to cyber attacks

Northern News  online


'Atty Mashatan, a professor at Ryerson University’s School of Information Technology Management, said it was nothing more than a fluke that Canada appears to have been largely spared from Friday’s ransomware attack.'

view more

Experts cite security gaps as 'WannaCry' attacks abate

Globe Advisor  online


'Experts such as Atefeh Mashatan, an assistant professor of information systems security at Ryerson University, are questioning whether Microsoft should have released its patch for all systems, and reconsider its policies not to offer regular security updates for obsolete software. "If it has ramifications as big as this, why don't they pro-actively release a patch?" Dr. Mashatan asked.'

view more

What you need to know about WannaCry ransomware

Inside Toronto  online


'Metroland Media spoke with cybersecurity expert, Atty Mashatan with Ryerson University about what it all means, how we can protect ourselves and what to do if your device is infected.'

view more

Selected Articles (4)

Revisiting Iterated Attacks in the Context of Decorrelation Theory Cryptography and Communications

Asli Bay, Atefeh Mashatan, and Serge Vaudenay


Iterated attacks are comprised of iterating adversaries who can make d plaintext queries, in each iteration to compute a bit, and are trying to distinguish between a random cipher C and the perfect cipher C ∗ based on all bits. Vaudenay showed that a 2d-decorrelated cipher resists to iterated attacks of order d when iterations have almost no common queries. Then, he first asked what the necessary conditions are for a cipher to resist a non-adaptive iterated attack of order d. I.e., whether decorrelation of order 2d − 1 could be sufficient. Secondly, he speculated that repeating a plaintext query in different iterations does not provide any advantage to a non-adaptive distinguisher. We close here these two long-standing open problems negatively. For those questions, we provide two counter-intuitive examples.W e also deal with adaptive iterated adversaries who can make both plaintext and ciphertext queries in which the future queries are dependent on the past queries. We show that decorrelation of order 2d protects against these attacks of order d. We also study the generalization of these distinguishers for iterations making non-binary outcomes. Finally, we measure the resistance against two well-known statistical distinguishers, namely, differential-linear and boomerang distinguishers and show that 4-decorrelation degree protects against these attacks.

view more

QTRU: Quaternionic Version of the NTRU Public-Key Cryptosystems The ISC Journal of Information Security

Ehsan Malekian, Atefeh Mashatan, and Ali Zakerolhosseini


In this paper we will construct a lattice-based public-key cryptosystem using non-commutative quaternion algebra, and since its lattice does not fully fit within Circular and Convolutional Modular Lattice (CCML), we prove it is arguably more secure than the existing lattice-based cryptosystems such as NTRU. As in NTRU, the proposed public-key cryptosystem relies for its inherent security on the intractability of finding the shortest vector in a certain non-convolutional modular lattice, yet it is efficient and cost effective, contrary to cryptosystems such as RSA or ECC. The detailed specification of the proposed cryptosystem, including the underlying algebraic structure, key generation, encryption and decryption process and also the issues regarding key security, message security, and probability of successful decryption are explained. We will further show, based on the existing results for lattice-reduction algorithms, that the proposed cryptosystem with a dimension of 41 will have a security equal to NTRU-167.

view more

Practical Unconditionally Secure Two-channel Message Authentication Designs, Codes and Cryptography

Atefeh Mashatan and Douglas R. Stinson


We investigate unconditional security for message authentication protocols that are designed using two-channel cryptography. (Two-channel cryptography employs a broadband, insecure wireless channel and an authenticated, narrow-band manual channel at the same time.) We study both noninteractive message authentication protocols (NIMAPs) and interactive message authentication protocols (IMAPs) in this setting. First, we provide a new proof of nonexistence of nontrivial unconditionally secure NIMAPs. This proof consists of a combinatorial counting argument and is much shorter than the previous proof by Wang and Safavi-Naini, which was based on probability distribution arguments. We also prove a new result which holds in a weakened attack model. Further, we propose a generalization of an unconditionally secure 3-round IMAP due to Naor, Segev and Smith. The IMAP is based on two ϵ-Δ universal hash families. With a careful choice of parameters, our scheme improves that of Naor et al. Our scheme is very close to optimal for most parameter situations of practical interest. Finally, a variation of the 3-round IMAP is presented, in which only one hash family is required.

view more

On Message Recognition Protocols, Recoverability and Explicit Confirmation International Journal of Applied Cryptography

Ian Goldberg, Atefeh Mashatan, and Douglas R. Stinson


We look at message recognition protocols (MRPs) and prove that there is a oneto-one correspondence between stateless non-interactive MRPs and digital signature schemes. Next, we examine the Jane Doe protocol and note its inability to recover in case of a certain adversarial disruption. We propose a variant of this protocol which is equipped with a resynchronization technique that allows users to resynchronize whenever they wish. Moreover, we propose another protocol which self-recovers in case of an intrusion. This protocol incorporates the resynchronization technique within itself. Further, we enumerate all possible attacks against this protocol and show that none of the attacks can occur. Finally, we prove the security of the new protocol and its ability to selfrecover once the disruption has stopped. Finally, we propose an MRP which provides explicit confirmation to the sender on whether or not the message was accepted by the receiver.

view more