CS 451 Information Security

Candidate Course Project Ideas

Fall, 2006

 

 

In this course students will tackle a semester-long course project.  Students may self-select their groups.  Each project group – about three students – can then define their project.  Your project may require considerable research in the literature and on the web.  It may require your designing (and potentially implementing) a solution.  Perhaps you will also design attacks to test that solution. 

 

Some candidate projects topics are sketched below.  Your group can select one of these.  Alternatively, your group may have a different idea for a project.  If so, please discuss it with me. 

 

Pick a security problem that is narrow enough in focus that your group can perform the requisite research, design a solution, implement or simulate parts of that solution, analyze any attacks that might be made against your solution, and determine how you would counter those potential attacks – all in less than a semester.  All projects should be documented in a professional report that is delivered to me on schedule.  I will ask selected groups to present their projects to the class.

 

Smart Card

• Design the security functions for a smart card with the intent to make it tamper-proof and hack-proof.
• Define what approaches an attacker could use and how each approach could be foiled.

 

Active Defense

• Today’s systems (including the legal system) make it difficult to impossible to track an attacker back through the Internet and locate the attacker’s bases of operation and his/her identity.  Design a trace-back system.
• Is IP v6 an adequate base?
• What legal/ethical impediments might there be to implementing your scheme?
• Estimate performance costs of your trace mechanism.
• How would attackers seek to avoid your trace, and how you could counter their attempts?

 

Security for a Wireless Network

• PDAs, cell phones, and other mobile computing platforms are increasingly connected.  They have processing capability, screens, and user input capability.  Analyze their relation and communication with servers and the rest of the Internet. 
• What security is appropriate?  Design and implement a cost effective security system.

 

Configure for Forensics

• Identify multiple security attacks that might be made against a target system.  Then design the forensic data collectors and attack-anticipation software functions that you would need to execute before, during, and after the attack so that
• The attack is rapidly visible to administrators,
• The system collects and analyzes forensic data required to identify the attacker and determine the extent of damage.

 

Stamp out SPAM

• Survey the state of the art in SPAM detection.
• Devise a best-of-breed technique for detecting and then eliminating SPAM.  You may want to make the detector domain-specific in some ways. 
• Determine how attackers could create messages that would not be detected as SPAM.
• Could your system incrementally learn so that as attackers became more sophisticated, or observed your SPAM killer, that they could not use that knowledge effectively to deter your detector.

 

Stamp out SPAM

• Design a SPAM detector that accepts a file of user identified SPAM, and filters out all future messages that look like the user identified SPAM.

 

Digital image Watermarks

• Photographer L. Bachrach runs a set of upscale photography franchises.  He copyrights all his photo images (digitally produced images, of course) and does not want the images to be used without his permission.  Devise a watermark technique that will not visibly mar Bachrach’s exquisite photos.
• Determine how someone who wants to scan in and manipulate the image would detect that your watermarks exist.  Could they effectively alter them?

 

Set out some Honey Pots

• Your corporation maintains highly proprietary information and wants to use the honey pot technique to test whether attackers who would steal the corporation’s information are entering corporate systems.
• Design the honey pots.
• How would you keep the intruders “at bay”, i.e. manage the intruders when they appear?

 

Create a Sandbox

• Devise a scenario in which you wish to place attackers in a sandbox.
• How would you create the sandbox?
• Could they detect that they have been corralled in your sandbox?
• What can you learn about them, their interests, and their knowledge about your company through the sandbox technique?

 

Key Escrow

• A large corporation has decided to issue passwords, but keep those passwords in escrow – with a local bank.
• Design the entire escrow system. 
• What attacks could undermine the integrity of your system and how will your escrow system defeat those attacks?

 

Detect Prowlers in your System

• You are working with a high profile citizens group.  They want to know how to build a system that would detect prowlers that might come into the computer with the intent of defacing their web presence.
• Can you prevent 100% of the defacement attacks?
• Can “prowling” be categorized and quantified?  How?

 

Crack Digital Satellite TV

• Survey the past history.
• Devise an approach to decode the digital satellite information and argue its effectiveness.

 

Authenticate Cookies

• Devise a system to authenticate cookies.

 

Secure Instant Messaging

• Define the security issues with respect to Instant Messaging.
• Devise a security system to assure selected security properties for messaging.

 

Digital Media Copyright Protection

• What is the issue?
• How can protection be assured?

 

Biometrics

• Select a specific application and design a biometric-based system that authenticates users.

 

Electronic Voting

• Devise an electronic voting system.

 

Intrusion Detection

• Create an intrusion detection system by:
• Adding code to Linux kernel for monitoring intrusions.
• Your approach would be to minimize false alarms, and to assure that your performance overhead is “acceptable”.

 

Create an OS fingerprint detector

• Every operating system is different.
• Determine the “hallmark” characteristics of a variety of operating systems.
• Program a fingerprint detector.

 

Create a TCP/IP Hijacking tool

• Observe TCP/IP traffic
• Determine how to intrude upon a session without being observed.
• You would change messages, or insert your own messages.

 

Virtual Private Network for TCP and/or UDP packets using your own cryptographic code

• Create a private network where all your data is encrypted.
• Observe the packet headers to determine which packets should be encrypted.
• Encrypt the data using your own encryption algorithm.