Computer/Network Security

CS-402: Fall 2003

Final Projects

The final projects in this class are intended to allow a great deal of flexibility for the individual student (or small group of students) to define a research or programming area that most interests them. As such, we define the two very broad categories of final projects as research projects and programming projects. One could also imagine hybrid projects that are part research but also have a programming or implementation component. Even the projects that are mostly programming based will have a paper to be written, albeit shorter than the paper that is the outcome of a research project.

Students may work individually, or in a group of 2 or 3, depending on the scope. A group project should have a substantially more ambitious scope than an individual project.

Recall that the final project is 25% of your final grade calculation in this class.

Project milestones

	project proposal: November 17, 10:30 am
	project presentation: December 10 and 12, 2003
	project due: December 18, 2003

Project Proposal

The project proposal needs to define the scope of what you are trying to accomplish. It should be one to two (single spaced) pages long. The core of the project proposal is the project description. Use two to four paragraphs to describe the goal(s) of your project. There should be no ambiguity about whether this project includes a programming/implementation component.

The remainder of the project proposal depends on what type of project is being proposed. For a research project, this should include an initial literature search and annotated bibliography on the topic. For a programming project, this should include a set of well-defined milestones to be met at weekly intervals. In addition, a programming project should specify any required resources so that we can make sure they are met early on.

Project Presentation

Plan on presenting the basic ideas of your project to the rest of the class in one of the last two sessions of the class. While your project may not be complete, it should be well on its way by this time frame. These presentations are relatively short (you should target about 15 minutes).

Presentations should be self-contained, and should be clear and precise. Briefly introduce the topic including any background information, describe the investigation, development, or experimentation that was conducted (either complete or still planned), and provide any demonstrations developed as part of the project, or describe the results of the investigation or experimentation. The following format is suggested:

	Title. Name the project and all the team members.
	Introduction. Introduce the purpose and goals of the project. Provide any background material necessary to understand the presentation.
	Investigation, development, or experimentation conducted. Describe the actual work performed during the project.
	Results. Show any demonstrations developed or results achieved during the project.
	Conclusion.

Research Project

The research category of project is a 10 to 12 page research paper. The paper should be in postscript (or pdf) or html. The paper should examine issues or technologies in computer or network security. Typically, your report might be organized as follows:

abstract
introduction -- background information, literature search, scope and limitations of project
body -- methods used
analysis and conclusions
recommendations -- future work, unsolved problems
references -- journals, WWW references

If a research project is done as a team project, the results should be more significant and the paper to cover those results appropriately longer.

Also be very careful about citing your sources. Plagiarism is stealing or passing off the ideas or words of another as one's own -- using material without crediting the source. This is prohibited behavior and will not be tolerated. Take the time to properly cite material written by someone else -- include references, put verbatim quotes in quotation marks, and do not paraphrase excessively. If you have questions about this, ask me.

Programming Project

As mentioned above, a programming project must also include a shorter (4-5 page) paper detailing the related work and ideas behind the programming project. In addition, you will need to provide me with a hard-copy of well documented code and a CD-R with your code. You will also need to schedule a demonstration of your software. I will post the schedule of demonstrations to this web page so that other classmates may attend as well.

Final Comments

The research and the programming projects will be graded on quality of research, quality of presentation, and strength of references. Original research counts more than a critical review which counts more than a mere survey paper. Actually implementing and testing things counts more than reporting on someone else's experiments/results.

I have already given you a list of project ideas from Stallings. A link to that can be found here.

A list of additional possible topics follow. These were pulled from a class page out of the University of Tennessee.

	trust analysis: PGP web of trust vs. trust hierarchy
	techniques for generating crypto random numbers and survey of what various crtypo packages use to generate random numbers
	NSA's FORTEZZA card and key escrow issues
	security features of various software packages: data bases, OS's (Windows 2000, NT, Mac OS 9, Plan 9,...) or various free UNIX: linux, freebsd,openbsd
	vulnerabilities revealed by traffic analysis
	secure OS technologies (EROS, TMACH, CMWs)
	secure linux (bastille, others?), OpenBSD
	securing NT ( or UNIX)
	computer architectures for security
	digital steganography (ascii text, mail headers, ps, html)
	digital watermarks and copyrights
	vulnerabilities of Java, javascript, ActiveX
	Java 1.2 security and crypto services
	applets or interactive web thingees to illustrate/teach crypto concepts
	techniques/algorithms for hi-speed crypto (parallel)
	DNS security
	detecting sniffers
	disk encryption products/algorithms (cfs, scramdisk, ppdd, tcfs, ...)
	compare v1 to v2 of ssh (or old PGP vs new PGP)
	Public-key for authentication: ssh, globus, kerberos, safetp
	cryptographic hashes
	backtracking denial-of-service attacks (spoofed source address)
	ISP IP-spoof tester (use Trinux/ bootable floppy)
	information warfare/ cyber terrorism
	IPsec key mgt: photuris, skip, isakmp, skeme, IKE
	key distribution for multicast sessions
	ATM (asyncrhonous transfer) security
	wireless security (wap's wtls), 802.11 WEP, mobile IP
	cell phone security (gsm, cdpd, ...)
	bluetooth security (wireless)
	data over cable (docsis)
	encryption in banking or e-commerce
	win2000 security (kerberos, efs, pki)
	security in globus
	security of DVD's and/or MP3 follow-on
	electronic payment schemes (ikp, ecash, ...)
	micropayment schemes
	security of snmp (v1 vs v3)
	elliptic curves in security
	compare 3 of the AES candidates
	chaotic functions as one-time pads
	secure time services (timeofday/ntp, timestamps)
	compare firewall products
	authorization models (capabilities, ACLs)
	virtual private networks VPNs (Windows 2000?)
	compare UNIX scanners (ISS, COPS, SPI)
	immutable executables (signed applets, ?)
	X.509 certificates and CA's
	SDSI or SPKI or X.509 hierarchies
	https/SSL performance
	survey of tests for randomness
	contrast various tests for primality
	compare secure file transfers (scp, sftp, ?)
	electronics (tempest, wiretaps, EMP guns, biometrics)
	security in distributed computing (DCE, DCOM, CORBA, RMI)
	crypto API's (GSS, CAPI, Java JCE, others ?)

Programming Projects

	implement 64-bit block ciphers (on Alpha)
	performance comparison of: ciphers, hashes, public key
	C++ or Java class library for crypto
	performance comparison of Java crypto vs C/C++
	performance comparison of AES ciphers
	analyze performance compression before encryption
	automatic cryptanalysis of some hand cipher
	implement and analyze of TEA or RC5 or ?
	web based electronic voting
	add intel hardware RNG to /dev/random
	SSL chat program
	setup secure Apache web server and certificates
	internet poker with session keys, public/private keys
	digital cash