Project Ideas

This page lists a few ideas for course projects. You are not limited to projects on this list; any topic that is relevant to this course may be proposed. This list is meant to get you started thinking about interesting projects.

Sources

Recent security conferences are a good source of project ideas:

• USENIX Security 2001, 2000, 1999
• IEEE Security and Privacy 2001, 2000, 1999
• Crypto 2001, Previous Crypto Conferences
• Security Applications Conference 2000, Previous Annual Computer Security Applications Conferences
• Financial Cryptography 2001, Previous Financial Cryptography Conferences
• Computers, Freedom and Privacy 2001, Previous CFP Conferences
• Black Hat Windows 2K Security, Black Hat Briefings

Other Sources:

• Salon's Encryption Stories

Design

Password Advice

Many sites provide advice for choosing passwords (see http://geodsoft.com/howto/password/footnote.htm" for some examples). How good are common password recommendations? Produce better password recommending instructions.

Reputation Server

Services like eBay depend on tracking a history of individual behavior. (See http://www.advogato.com/trust-metric.html for a more substantial attempt.) Involvement in a number of good transactions enhances ones reputation, and the threat of bad feedback motivates people to behave well. Describe potential attacks on eBay's reputation. Design (and optionally implement) a more secure reputation service.

Security User Interface

How can reference monitors present security violations to users in a way they understand? (And not pop-up so many false alarms that users learn to reflexively ignore warnings?)

Event Tickets

Design a system where customers can purchase and print out their own movie ticket.

Audio Authentication

Can we do challenge-response authentication using audio? (Would this be useful?)

File Sharing

How can file sharing services protect copyrights? What are the security issues involved in Napster and its successors?

Secure Internet Gambling

Analyze the trust issues for a gambling application. Design and implement a scheme for secure gambling on the Internet. Your scheme should be more secure than ASF Software's.

Health Care Issues

Consider security issues in health care - for example: Can genetic tests be done in a way that ensures privacy? Can medical records be stored in a way that provides access to health care professionals in a secure way?

Intellectual Property Protection

How can content providers collect payments?

Privacy

Web Cookies

Low-Tech Cipher

Design and analyze a cipher that can be encrypted and decrypted using readily available devices. (For inspiration, see Bruce Schneier's Solitaire encryption algorithm.)

Assessment

Conduct a security assessment of an existing or proposed system. Your analysis should include a description of vulnerabilities and potential attacks. Before actually attempting to attack a system, you must get permission (either from me, or the system operators).

Some interesting choices include:

• eBay
• PayPal (could they protect against this?)
• Cell phone protocols (GSM, CMEA)
• Microsoft's Passport protocol (see Rubin and Kormann's paper)
• Zero Knowledge's Freedom
• ZixMail (especially securedelivery.com)
• Perform a cost/security analysis of different digital money schemes
• Compare schemes for intellectual property protection: Microsoft Reader, Intertrust, etc.

Research Surveys

Conduct a research survey in an interesting area, such as:

• Quantum Cryptography
• Copyright Law and the DMCA (EFF's US vs. Sklyarov Archive)
• Virus propagation
• Information survivability
• Denial-of-service attacks
• Secure Multicasting
• Tracking Intellectual Property
• Protecting Intellectual Property

Other Courses

You may also find some ideas for projects from other security course:

• Last Year's Course
• Anita Jones' seminar last year
• Berkeley
• Rice

University of Virginia Department of Computer Science CS 588: Cryptology - Principles and Applications

David Evans evans@virginia.edu