Project Ideas

This page lists a few ideas for course projects. You are not limited to projects on this list; any topic that is relevant to this course may be proposed. This list is meant to get you started thinking about interesting projects.

Sources

Recent security conferences are a good source of project ideas:

• USENIX Security 2004
• IEEE Security and Privacy 2004
• ACM Conference on Computer and Communications Security 2004
• Network and Distributed System Security Symposium 2005, NDSS 2004
• Annual Computer Security Applications Conference
• Financial Cryptography 2005
• Computers, Freedom and Privacy 2001

Here are projects from previous CS588 offerings:

• Fall 2001
• Fall 2000

Note that "outreach projects" were not an option those years. In Fall 2001, Problem Set 4 asked students to "produce something that presents an important issue relevant to cryptology or computer security in a way that will be accessible and useful to an audience without substantial technical knowledge". Selected reponses are found here: http://www.cs.virginia.edu/~evans/cs588-fall2001/problem-sets/ps4-selected.html.

Design

Reputation Server

Services like eBay depend on tracking a history of individual behavior. (See http://www.advogato.com/trust-metric.html for a more substantial attempt.) Involvement in a number of good transactions enhances ones reputation, and the threat of bad feedback motivates people to behave well. Describe potential attacks on eBay's reputation. Design and implement a more secure reputation service.

Security User Interface

How can reference monitors present security violations to users in a way they understand? (And not pop-up so many false alarms that users learn to reflexively ignore warnings?)

Event Tickets

Design a system where customers can purchase and print out their own movie ticket.

File Sharing

How can file sharing services protect copyrights? What are the security issues involved in Napster and its successors?

Secure Internet Gambling

Analyze the trust issues for a gambling application. Design and implement a scheme for secure gambling on the Internet. Your scheme should be more secure than ASF Software's.

Intellectual Property Protection

How can content providers collect payments?

Privacy

Analysis

Conduct a security analysis of an existing or proposed system. Your analysis should include a description of vulnerabilities and potential attacks. Before actually attempting to attack a system, you must get permission (from me first, and probably from the system operators).

Analyze the predictability of Shuffle Master (automatic card shuffling devices used in casinos)

From patent: 5,261,667: Random cut apparatus for card shuffling machine

Apparatus for randomly cutting a deck of cards. ...A probe is moved into the offset zone of the shingled deck and is caused to stop at a randomly selected location in the zone. ... The cut is preferably made in the range of cards 20-32 in a 52 card deck.

Outreach

Do something relevant to this course that is beneficial to the larger community. Examples include:

• Develop and teach a course for K-12 students that uses cryptography to make math interesting. (Here's an example course I taught to 8th grade students last year: Dragon Crypto)
• Produce something that conveys important security principles to the general public. For example, here is a movie two students produced:

  Adam Glaser and Portman Wills, Safe Computing @ UVA (12 minute, 175MB Quicktime Movie, don't attempt to download this unless you are on a high-speed connection)

University of Virginia Department of Computer Science CS 588: Cryptology - Principles and Applications

cs588–staff@cs.virginia.edu