SNE master student projects 2011 - 2012

Code: MSNRP1-6 and MSN2NRP6

The course objective is to ensure that students become acquainted with problems from the field of practice through two short projects, which require the development of non-trivial methods, concepts and solutions. After this course, students should be able to:

Transform a roughly outlined problem into a carefully defined research question, supported by some level of reading up on the topic.
Establish a feasible project schedule for answering the question.
Conduct autonomous research to answer the question at hand, using literature searches, studying, experimentation and/or the development of software and hardware.
Present solutions to a diverse audience (experts as well as non-experts).
Defend solutions in debates.
Provide an appropriate report

Rules

Some simple rules for selecting RP's, for a more elaborate discussion, see process:

You can select a RP1 from the entire list. Choose subjects that relate to cources already followed.
You can have no more than 2 re-sits from block 1 - 4 pending when you are choosing your RP2 subject.
You must complete RP1 before starting RP2.
Forensics track students have to choose for RP2 a subject with a "F" label.
Network track students have to choose for RP2 a subject with a "N" label.
Part time students have to do their RP2 in their 2nd year, preferably in june.
Students working in pairs must be at same level (both RP1 or both RP2).

TimeLine

RP1:

Wednesday Sep 21 2010, 10h15: Introduction to the Research Projects.
Nov 24, 2011, 15h00: Detailed discussion on finally chosen subjects for RP1.
Monday Jan 9th - Friday Feb 3th 2012: Research Project 1.
Friday Jan 13th: (updated) research plan due.
Tuesday Jan 17, 16h00: possibility for students to discuss problems/progress in OS3 Lab.
Wednesday Feb 8th 2012: Presentations RP1 in B1.23 @ Science.
Monday Feb 13th 9h00: RP1 - reports due

RP2:

Friday may xx 2012, 13h00, B1.23 Detailed discussion on finally chosen subjects for RP2.
Monday Jun 4th - Friday Jun 29th (or Jul 6th) 2012: Research Project 2.
Friday Jun 8th: (updated) research plan due.
Monday Jun 18, 16h00 possibility for students to discuss problems/progress in OS3 Lab.
Thursday Jul 5th 2012: Presentations RP2 in C1.110 @ Science.
July 6th: RP2 - reports due (preferably not much later as holidays interfere).

Projects

Here is a list of student projects for Jan 2012 and/or June 2012. In a futile lightweight way to prevent spamming I replaced "@" by "=>" below.
Find here the left over projects from last year.

Color of cell background:
purple = currently chosen project. Light blue = project plan received. Light green = presentation received. Dark green = also report received. light purple = confidentiality was requested, dark purple = presentation in june.

#	title summary	supervisor contact students	R P	1 / 2
1 SN	Virtualization vs. Security Boundaries. Traditionally, security defenses are built upon a classification of the sensitivity and criticality of data and services. This leads to a logical layering into zones, with an emphasis on command and control at the point of inter-zone traffic. The classical "defense in depth" approach applies a series of defensive measures applied to network traffic as it traverses the various layers. Virtualization erodes the natural edges, and this affects guarding system and network boundaries. In turn, additional technology is developed to add instruments to virtual infrastructure. The question that arises is the validity of this approach in terms of fitness for purpose, maintainability, scalability and practical viability.	Jeroen Scheerder <Jeroen.Scheerder=>on2it.net>	R P
2 SN	DNS security revisited. The crucial DNS remains a liability today. In the past, several attempts - and huge government impulses - have been made towards DNSsec adaptation. Success has been far from evident, meriting a closer look. At this point, there might be actual field data to (dis)prove DNSsec skepticism. DNSsec support has been mandatory for several TLDs now for an extensive period. While mandatory, participation has been less than complete. And of the zones for which DNSsec was deployed, it's an open question whether this initial deployment has been followed by proper maintenance (as is necessary for DNSsec zones). Specific questions are: What adaptation rate has DNSsec seen amongst (for example) .gov zones? What is the trend, and the adaptation timeline? Of the zones offering DNSsec at point in time T, which ones are still valid at point T+n? Running hypothesis would that DNSsec has been plausibly tried, and has been proven a failure. Let's see this hypothesis disproved! Or… else…?	Jeroen Scheerder <Jeroen.Scheerder=>on2it.net>	R P
3 SN	Traffic Volume vs. Network Inspection. Traffic volume remains ever-increasing. Peak throughput at AMSIX for example saw a yearly increase from 0.8T to 1.2T roughly (sep 2010 vs. sep 2011). Yet simultaneously growing needs to deal with increasingly evasive network applications, increasingly strenuous compliance regulations, and high-profile malware activity (Mariposa, Conficker, STUXnet, …) has given rise to powerful real-time inspection technology. An important question is if it is possible, and if so how, to bring and keep inspection capacity close to full network capacity, even in the face of continuous strong growth.	Jeroen Scheerder <Jeroen.Scheerder=>on2it.net>	R P
4	Traffic anomaly detection using a distributed measurement network. This research focuses on the relationship between traffic anomalies and the data collected by the RIPE Atlas measurement network. Two distinct vectors of research are used: first, a ground-truth search which looks to see in what degree real-life network events reflect in the RIPE Atlas data, and second, the collected data is analyzed to find the time and location where several probes' measurements in a certain network or geographical area yield abnormal results. The ground-truth events searched are not found with a good degree of confidence in the Atlas data and the possible reasons are detailed in the paper. The data analysis uses control charts to map the deviations from the mean of each probe. Two methods for aggregating the results in a certain area are then proposed.	Emile Aben <emile.aben=>ripe.net> Razvan Oprea <Razvan.Oprea=>os3.nl>	R P	1
5	Monitoring the cloud. The main challenge when migrating services to the cloud is to identify the security issues and the problems which can derive from loss of control. After the services are migrated to a cloud provider, organizations should continue monitoring these services. Most of the cloud providers already have some type of monitoring which allows clients to see the status of their services, but unfortunately sometimes these monitoring tools are not detailed enough or the mapping between the virtual and physical resources isn't visualized correctly. This project consists of a literature study and the design and implementation of a real-time monitoring tool. The literature study should examine how different virtualization techniques and architecture designs can influence the client's services. This is followed by the implementation of a reliable monitoring tool which shows the mapping of the client's services to the underlying virtualized and physical layers. The status and performance of these services should be monitored near real-time.	Tunde Balint <balint.tunde=>kpmg.nl>	R P
6	Advanced Metering Infrastructure. An advanced metering infrastructure (AMI) is a system of networked devices, e.g. smart (electrical) meters, and forms the basis of a so-called Smart Grid. With a Smart Grid it is possible, e.g. to match energy consumption to green energy production by, e.g., (externally) managing domestic devices, provide personalized services to consumers and even allow consumers to become suppliers of energy. For this to work requires real-time, up-to a minute, bi-directional communication between the networked devices and a robust and scalable communication network. This project consists of a literature study and designing a advanced metering infrastructure. The aim of the literature study is to explore the available smart metering technologies and to determine which of these technologies allow to build a robust, scalable and future proof Smart Grid. This is then followed by developing an architectural network design of a Smart Grid for the chosen technologies. Implementing the AMI design in a toy Monte Carlo simulation is also a possibility.	Jan Amoraal <amoraal.jan=>kpmg.nl> Vic Ding <vic.ding=>os3.nl>	R P	2
7 S	Tiled video streaming implementation. P.S. these are way more software engineering, but if someone fabricates a relevant research question for SNE RP1 out of these, please contact me (CdL) Build a native (C, CUDA) implementation of tiled video streaming. This is an overhaul of the current proof of concept within the European FP7 Fascinate project. The implementation will be used in user pilots. Contact: Omar Niamut <omar.niamut=>tno.nl> Native tiled video streaming on iPhone, iPad or Android Summary: Build an app (Objective-C or Java) that can read and play tiled videos on a smartphone or tablet. The main challenge here lies in synchronizing multiple videos on a per-frame level. Contact: Omar Niamut <omar.niamut=>tno.nl> Second-screen synchronisation Summary: Build a synchronised solution that lets subtitles run on an iPad simultaneously with a streaming TV broadcast. The synchronization solution should be network-based, e.g. using the RTCP protocol extensions for inter-destination media synchronization, as being developed in the FP7 HBB-Next project. Contact: Ray van Brandenburg <ray.vanbrandenburg=>tno.nl> Social TV marking of scenes Summary: Build a social-TV solution where one person can draw a highlight on a TV broadcast, which can be seen by his friends in real time. Contact: Oskar van Deventer <oskar.vandeventer=>tno.nl>	Omar Niamut <omar.niamut=>tno.nl>	R P
8 S	CDN Interconnection Interconnect two CDNs (Content Delivery Networks) at TNO. The interconnection should feature at least pull-based content distribution from the Upstream CDN to the Downstream CDN, and the inter-CDN request routing to get a video file delivered from the Downstream CDN to a video client. Architecture study of CDN's.	Ray van Brandenburg <ray.vanbrandenburg=>tno.nl>	R P
9 SN	Automatic end-host configuration. In most networks there is a DHCP server running to manage the address-pool. Using DNS and registration it is possible to dynamically use services. In circuit-based networks this is different. Usually a circuit spanning the globe is formed between two or more nodes that need to transport a dataset, movie-files, or perform calculations together. These nodes work together for a short period of time, and then the circuit is torn down. These networks are separated from the Internet, so there is no DHCP server, or DNS. Many gadgets already support dynamic discovery in any kind of network and service discovery is also possible in printers, or applications such as iTunes. This research project is about examining options to do address management and service discovery for end hosts in a cross-platform way. A starting point could be http://staff.science.uva.nl/~fdijkstr/publications/Link_Local_Addressing.pdf	Jeroen van der Ham <vdham=>uva.nl> Sebastian Dabkiewicz <sebastian.dabkiewicz=>os3.nl>	R P	1
10 S	Data Integrity in Digital Archives. Investigate techniques to improve the reliability of the archiving facilities at SARA and tools for implenting and increasing regular data integrity checks. Context: SARA operates two multi petabyte digital archive facilities. These facilities are based on a tiering storage model with an online disk tier and a nearline tape based tier. Data is automatically policy based migrated between tiers. The archiving software stack is based on SGI DMF (Data Migration Facillity). DMF uses internally checksums to guard data integrity. These are not available outside the system. Research: Investigate techniques for improving integrity of the archive facilities at SARA and develop demonstration tools fo better and regular data integrity checks.	Ans Sullot <Ans=>sara.nl>	R P
11 S	Security Metrics. Onsight Solutions delivers network security and application delivery solutions to middle sized and large companies. Onsight believes that offering just the security hardware does not add any security. Managing this hardware in a proper way does. Offering support or full management of those devices is the core business of Onsight. But how can you measure security (or maybe you measure the change a hacker is able to attack your environment ?) What factors are important when you try to grade the security solution at a company. And can those factors be monitored in an automated way 24x7? What tools are required? Or maybe some human resources? When it becomes possible to define a number, and compare this with a certain level (which might be a standard or a contracted value), it becomes possible to monitor the security solution. In case the security level drops, an engineer gets alarmed to take some action. So the level of security is maintained. Beside this, a number for security is easy to understand for people who have to decide about the budget, but don't know anything about IT security (think about the IT managers/Security officers). Main question: "How can you assign a number to the quality of a security solution at a company?". Some subquestions: What parameters are important to measure? And what is the importance of each factor? What tools are required to measure this? For example you can think about honeypots, port scans, vulnerability scans, etc. And maybe some external data sources are required, to gather security information?	Roel van der Jagt <roel.van.der.jagt=>onsight.nl>	R P
12	OpenNSA. Currently we are participating in the development of a protocol for inter-domain circuit provisioning. One of the implementations is OpenNSA, an open-source implementation by NorduNet. This research project is to look at both the current capabilities of this software project, compare with other implementations, and examine the applicability of OpenNSA (or others) to the machines in our testbed network. This will allow us to quickly and automatically make connections across the globe and do network tests, or other resource sharing experiments.	Jeroen van der Ham <vdham=>uva.nl>	R P
13 S	Distributed Password Cracking Platform. Cracking of password hashes has many reasons. During IT audits we crack to test the effectiveness of a password policy, and during security tests we crack to further penetrate into a network. KPMG IT Advisory performs both assignments continuously and password cracking is a day-to-day activity. In order to fulfill the demands of our team to crack passwords we have a setup that consists of a CPU cluster and a GPU box. The cluster consists of ~70 CPU’s (john-MPI) with an easy to use interface for the pentesters to upload the hashes and get the results. The GPU box (5 GPU cards, many different tools) is used for specific cracks when GPU power is faster. This setup was created about 18 months ago, and has served us good in that time. However, we see opportunities that we are not using. The current setup can be further optimized, but also we would like to further integrate the GPU power into the cluster. We would like students to research how we can further extend the current setup. Key components in this research are: Cracking strategy: research cracking strategies that combine CPU and GPU cracking, dictionary, brute force and rainbow table cracking for a fixed set of hash types (to be defined) Extending cracking functionality: research ways of extending the current john-mpi cluster with nodes and tools for GPU and rainbow table cracking Integration of the two: research ways of integrating the researched cracking strategy into the newly extended cluster, in such a way that the cluster chooses the best strategy for the current load of the cluster and on the amount and type of uploaded hashes. The research is an example of combining skills of system and network engineers and with the skills of security testers. Research at KPMG IT Advisory can be challenging. We strive for the best results and therefore invest a considerable amount of time in you, to help you achieve the best. But to succeed together we require fully determined students that would like to go the extra mile. The RP topics as stated on the website are fixed but we are open to changes in the exact research approach if the student prefers. We encouraged students to come up with own ideas and approaches. During the short intake interview your are invited to bring your ideas and approaches to the table. We use the intake to select the students who will get the opportunity to perform their research project at KPMG.	Marc Smeets <smeets.marc=>kpmg.nl> Dimitar Pavlov <dimitar.pavlov=>os3.nl> Gerrie Veerman <Gerrie.Veerman=>os3.nl>	R P	1
14	Integrating DMA attacks in exploitation frameworks. It has been several years since the first research and tooling on firewire attacks; exploiting the use of direct memory access to read and write memory on desktops and laptops. The vulnerability is still there and several new technologies have come around that - in theory - may be prone to the same type of attack. We want students to further research this. Steps in the research can include: 1 Research the possibilities of this attacks on new techniques, e.g. Thunderbolt, HDMI, eSATA. Take into account that having DMA access in theory allows for the attack to happen. But there may be several practical issues that prevent the attack from happening (OS security measures, master-slave election in the bus unable to bypass, secure signing of devices connecting, etc). 2 Research the extend of the attack. The most common 'exploit' has been bypassing the logon screen and searching the memory for keys/passwords. But what kind of other attacks can you think of? 3 Create a Proof of Concept in one of the following ways: Design/create a software component that can be used for such attacks. The proof of concept should be modular to allow different I/O techniques to be included, and preferably should be integrated in the Metasploit framework. Design/create an 'Evil Docking Station', a docking station that - whilst looking normal - can attack an attached laptop via these. Research at KPMG IT Advisory can be challenging. We strive for the best results and therefore invest a considerable amount of time in you, to help you achieve the best. But to succeed together we require fully determined students that would like to go the extra mile. The RP topics as stated on the website are fixed but we are open to changes in the exact research approach if the student prefers. We encouraged students to come up with own ideas and approaches. During the short intake interview your are invited to bring your ideas and approaches to the table. We use the intake to select the students who will get the opportunity to perform their research project at KPMG.	Marc Smeets <smeets.marc=>kpmg.nl> Rory Breuk <rory.breuk=>os3.nl> Albert Spruyt <Albert.Spruyt=>os3.nl>	R P	1
15	Security scanner for mobile apps. The current Apple App Store and Android Market contain thousands of apps, and many more are added every day. More and more companies are creating apps that provide some service to their customers from their mobile phone. The security of these apps is varying and we have seen in the past that all kinds of security issues with the apps come to light. A short selection of these security issues are clear text storing of passwords, insecure data transmission of critical data, (illegal?) harvesting and transmitting of data from different parts of the phone outside the app's domain. As with many other software components, it is becoming clear that apps need to be tested for security issues before going live. We want students to think and create a way to do this security scanning of apps less error prone and more automated. Testing may include black box and white box. Steps in the research can include: 1. Provide a framework of insecurities that these mobile apps should be checked for (e.g. way of storing credentials, network communication) 2. Create an easy-to-setup testing environment that can be used for the security testing of the mobile apps. This should be usable for apps downloadable from the Store/Market and for apps provided separately. Research at KPMG IT Advisory can be challenging. We strive for the best results and therefore invest a considerable amount of time in you, to help you achieve the best. But to succeed together we require fully determined students that would like to go the extra mile. The RP topics as stated on the website are fixed but we are open to changes in the exact research approach if the student prefers. We encouraged students to come up with own ideas and approaches. During the short intake interview your are invited to bring your ideas and approaches to the table. We use the intake to select the students who will get the opportunity to perform their research project at KPMG.	Marc Smeets <smeets.marc=>kpmg.nl>	R P
16	Content Security Protection. Some time ago Mozilla designed a new web standard called CSP (Content Security Protection, see https://wiki.mozilla.org/Security/CSP). W3C has taken Mozilla's work and has a public working draft at https://dvcs.w3.org/hg/content-security-policy/raw-file/tip/csp-specification.dev.html The goal of CSP is to separate data (html) from executable code (JavaScript). Students are asked to research the CSP standard as it is known now and: 1. Review this standard, try to identify gaps/omissions also looking at Mozilla's implementation and knowing the history of the separation of code and data (compare this development to No Execute bits/DEP); 2. One of the following, or both if time allows: Research re-writing of existing websites to make use of CSP. Can this be partially automated? If so create proof-of-concept tooling that web administrators can use to rewrite existing web-applications. Create a browser-helper object or plugin to allow a non Mozilla browser to use CSP. Research at KPMG IT Advisory can be challenging. We strive for the best results and therefore invest a considerable amount of time in you, to help you achieve the best. But to succeed together we require fully determined students that would like to go the extra mile. The RP topics as stated on the website are fixed but we are open to changes in the exact research approach if the student prefers. We encouraged students to come up with own ideas and approaches. During the short intake interview your are invited to bring your ideas and approaches to the table. We use the intake to select the students who will get the opportunity to perform their research project at KPMG.	Marc Smeets <smeets.marc=>kpmg.nl>	R P
17	Feasibility of attacks on weak SSL ciphers. Weak SSL ciphers have been around since many years. In theory many ciphers are cracked. But in current networks we find that the usage of weak ciphers is still very common. In practice only a few attempts have been successful, with EFF’s FPGA attack on DES with COPACOBANA being a noteworthy one. Many other ‘theoretically cracked’ weak ciphers are still not easy to crack in practice. We would like the students to research the feasibility of cracking weak ciphers used. The research can include the entire process from intercepting communication, extracting the data used for attack, select best way of cracking, perform crack and uncover the secrets. Ideally, the research results in a statement on the feasibility of cracking these weak ciphers. What ciphers exactly to be included will be selected at the start of the research. Research at KPMG IT Advisory can be challenging. We strive for the best results and therefore invest a considerable amount of time in you, to help you achieve the best. But to succeed together we require fully determined students that would like to go the extra mile. The RP topics as stated on the website are fixed but we are open to changes in the exact research approach if the student prefers. We encouraged students to come up with own ideas and approaches. During the short intake interview your are invited to bring your ideas and approaches to the table. We use the intake to select the students who will get the opportunity to perform their research project at KPMG.	Marc Smeets <smeets.marc=>kpmg.nl>	R P
18	Performance Analysis of OpenFlow Hardware. OpenFlow is a new network technology. it was developed at Stanford University, but is now gaining support from companies like Cisco, Juniper, Microsoft, Google and Facebook. OpenFlow is a form of software defined networking where forwarding tables are programmed into switches by applications. In this project you will define which OpenFlow feature(s) you want to investigate. This can be done on a simulator and/or with real OpenFlow hardware. Prerequisites are basic knowlegde of Ethernet (forwarding tables, flooding, VLANs, spanning tree) and some programming experience in Python or C++. Research Question here is: look at the fundamentals, performance, security, features that may be attractive. For more information see www.openflow.org and www.opennetworking.org.	Ronald van der Pol <rvdp=>sara.nl> Michiel Appelman <michiel.appelman=>os3.nl> Maikel de Boer <maikel.deboer=>os3.nl>	R P	1
19 F	Electromagnetic Fault Injection (EMFI) on System-on-a-Chips (SoC) / Smartcards. Fault injection techniques actively manipulate a side channel on a chip by applying short laser, voltage or clock cycle pulses. All of them are commonly used by Riscure to attack secure SoCs or smartcards. However, EMFI could be an interesting, unexplored and currently unused alternative. All hardware required for this project will be provided by Riscure. However, the student will be asked to fine tune the provided hardware and relevant parameters. Possible parameters are: Size of the coil used in the EM probe Placement of the EM probe on the surface of the chip (front / back) Distance of the EM probe to the surface of the chip Power applied to to the EM probe Decapsulated chip versus encapsulated chip Questions that could be answered by the research: Is EMFI feasible on embedded systems / smartcards? What parts of the SoC are influenced with EMFI? (CPU/RAM/ROM/FLASH) What are the advantages of EMFI compared to other fault injection techniques on SoCs / smartcards? What are the disadvantages of EMFI compared to other fault injection techniques on SoCs / smartcards? What is the most efficient configuration of the used EM probe? What are the limitations of the used EM probe? Useful information: http://www.riscure.com http://en.wikipedia.org/wiki/Electromagnetic_radiation http://en.wikipedia.org/wiki/Eddy_current http://en.wikipedia.org/wiki/Fault_injection	Niek Timmers <niek=>riscure.com> Sebastian Carlier <sebastian.carlier=>os3.nl>	R P	2
20	l/O Load Scheduler for Grid Mass Storage. l/O Load Scheduling on a high performance mass storage system. Investigating an l/O load problem and implementing a possible solution. Short description: SARA manages a high performance data storage system used, among other things, to store data from the LHC (particle accelerator in Switzerland). This system is comprised of a disk front end and a tape back end. Data is copied from a remote host to the disc cache and then stored on tape. Reading in data sets from tape to the disc cache and then transporting it back to a remote host also occurs. This process is referred to as data staging. A performance characteristic appears to be that it is either possible to read quickly from- or write quickly to the disc. Doing both simultaneously results in a much lower performance than 50%. A possible solution for this problem is the implementation of a scheduling mechanism in the staging process. The assignment is to investigate techniques for improving performance of the over-all process and developing a (prototype) solution for this problem. The assignment involves: Conducting research into the improvement of the staging process Suggesting possible solutions Implementing and documenting a prototype solution Giving a final report	Walter de Jong <walter=>sara.nl> Christos Tziortzios <Christos.Tziortzios=>os3.nl>	R P	1
21	Bootstrapping the Internet of the Future. The design of the Internet did not account for network evolution. But since its existence, the Internet needed amendments to address problems or new protocols for new uses. The explosive increase of network devices and their increasing mobility currently threatens the stability of the Internet. Solutions to these problems, larger address space and keeping track of address locations, require changes to the network layer protocol. We developed an approach to simplify the development and deployment of network layer protocols. Our solution encapsulates the network layer protocol by a virtual machine: the NetApp. In this thesis work, we will develop a few NetApps, IPv6 and OpenFlow, that can grow with demand. We will show that NetApps can be deployed on many Clouds, and that automatically the needed arrangements are made, e.g. creating a VPN, configuring IP addresses. The student will show that IPv6 deployment, or any other network layer protocol for that matter, becomes a trivial task with NetApps.	Rudolf Strijkers <rudolf=>strijkers.eu> Mohammad Shafahi <mohammad.shafahi=>os3.nl>	R P	1
22	OpenDNSSEC. In the OpenDNSSEC project, the Enforcer is the component performing automatic DNSSEC key roll-overs. Rolling keys can be done in many ways. The upcoming Enforcer will be able to roll to a new key in most of those ways, independent of the state and amount of current keys. It makes sure no validator could see its zone as bogus or insecure. In order to do these any-to-any roll-overs we described the validity of a zone in a formal way. We don't expect our users to grasp the mathematical definition, but they want to know what will happen in the future. We would like to have a program that, given a configuration file, outputs a textual or graphical time line showing which resource records are published in what order, and when. The challenge is not limited to programming -contrary to the users- you will have to grasp our formal definition (and DNSSEC).	Yuri Schaeffer <yuri=>nlnetlabs.nl>	R P
23 F	Camera Identification on YouTube. Identifying cameras used in YouTube videos by matching noise patterns. Netherlands Forensics Institute.	Marcel Worring <m.worring=>uva.nl> Zeno Geradts <zeno=>holmes.nl> Yannick Scheelen <Yannick.Scheelen=>os3.nl> Jop van der Lelie <jop.vanderlelie=>os3.nl>	R P	1
24 F	Ranking of manipulated images in a large set using error level analysis. One form of image manipulation is particularly interesting to the NFI and is called the copy & move [8] technique. The copy & move technique applies to adding or removing objects to or from an image. The error level analysis (ELA) [5] image manipulation detection technique is particularly effective in detecting this kind of forgery. ELA makes use of some of the properties of lossy image formats [4] to detect differences in quality levels between the original image and potentially modified parts within that image. The research focuses on determining whether the ELA technique can be used to, automatically, rank images in a large dataset based upon the likelihood of manipulations being present. By ranking a set of images, the dataset could potentially be reduced and in turn reduce the total amount of work needed to process the images..	Marcel Worring <m.worring=>uva.nl> Jeffrey Bosma <Jeffrey.Bosma=>os3.nl> Daan Wagenaar <daan.wagenaar=>os3.nl>	R P	1
25 N	OpenFlow. OpenFlow is a new network technology. it was developed at Stanford University, but is now gaining support from companies like Cisco, Juniper, Microsoft, Google and Facebook. OpenFlow is a form of software defined networking where forwarding tables are programmed into switches by applications. In this project you will define which OpenFlow feature(s) you want to investigate. This can be done on a simulator and/or with real OpenFlow hardware. Prerequisites are basic knowlegde of Ethernet (forwarding tables, flooding, VLANs, spanning tree) and some programming experience in Python or C++. Research Question: implement spanning tree alike protocol in a network of switches. For more information see www.openflow.org and www.opennetworking.org.	Ronald van der Pol <rvdp=>sara.nl> Iwan Hoogendoorn <Iwan.Hoogendoorn=>os3.nl> Joris Soeurt <joris.soeurt=>os3.nl>	R P	1
26	Content grouping algorithm. GOVCERT.NL constantly monitors hundreds of web sources to acquire more insight into current threats. A 24/7 watch tool scans the internet for digital threats and vulnerabilities in software and operating systems. Based on the acquired information, GOVCERT.NL publishes various products. We designed a tool called Taranis to support the work flow of this task. Every day, we check approximately 900 sources. Relevant news items and e-mails are analyzed. The task of analyzing news items could be greatly reduced by automatic grouping of similar news items. Google News uses a proprietary algorithm to perform such a task. Developing software to detect similar news items is not a straightforward task. Investigate previous work done on this subject and develop an open algorithm for content grouping. A working proof-of-concept would be a pre. Integrating such algorithm in Taranis is not a part of this project. More general information about Taranis: http://www.govcert.nl/english/service-provision/ICT+risk+alert/taranis	Bart Roos (GOVCERT.NL) <bart.roos=>govcert.nl>	R P
27	IPV6 risks and vulnerabilities. Because the world starts to adopt IPv6 more and more we also run into the security problems involved with this migration/adaptation. Of course IPv6 has built-in security, compliance with IPSec is mandatory in IPv6, and IPSec is actually a part of the IPv6 protocol. IPv6 provides header extensions that ease the implementation of encryption, authentication, and Virtual Private Networks (VPNs). IPSec functionality is basically identical in IPv6 and IPv4, but one benefit of IPv6 is that IPSec can be utilized along the entire route, from source to destination. But it can be assumed that only enforcing the use of IPSec within IPv6 isn't solving all security problems and therefore there is a need to research to see what the vulnerabilities and risks are during the use of IPv6. For this research project the focus is on the vulnerabilities that exist because of the lack of using secure techniques and protocols in combination with IPv6.	R.F.Visser <rene.visser=>govcert.nl>	R P
28	Determining camera model from JPEG quantization tables. Acceleration methods for searching image databases, for example through optimizing search through quantization tables in JPEG. Some investigation has been done on how this JPEG characteristic can be used by such methods, but further investigation should give a better view on its feasibility. Other JPEG characteristics not yet exploited by any search method in current use may be investigated as well. These methods are used to search for images that have, for example, deviant or specific values for these characteristics. Certain values may indicate the use of a camera of some kind, or that it has been altered (or recreated) by specific image editing software. A proof-of-concept that shows the use of such characteristics in search methods will probably be implemented. Netherlands Forensics Institute.	Marcel Worring <m.worring=>uva.nl> Zeno Geradts <zeno=>holmes.nl> Marc Buijsman <Marc.Buijsman=>os3.nl>	R P	2
29	DNS-Based Authentication of Named Entries (DANE). The DNS-Based Authentication of Named Entries (DANE) extension for the Domain Naming System (DNS) is currently being drafted by the IETF. This allows for inserting Secure Sockets Layer (SSL) and Transport Layer Security (TLS) certificates [1] (or their fingerprints or public key) into DNS using so-called TLSA resource records. By using the existing DNS Security Extentions (DNSSEC) chain, this data can be proven to come only from the administrator of the DNS zone [2]. Thereby validating the certificate. This project aims to identify the amount of current certificates that could experience problems, and how these could be prevented or mitigated, when deploying DANE. The Electronic Frontier Foundation (EFF) has a collection of all certificates and certificate chains found on the Internet. A subset of these will be used to create TLSA records with different options set, these will then be validated. Another item that could be researched is the implementation of the current specification (version 12) in DNS authoritative and recursive servers and how they handle certain situations, e.g. CNAME records (aliases) and multiple of the same TLSA records.	Bert Hubert <bert.hubert=>netherlabs.nl> Pieter Lexis <pieter.lexis=>os3.nl>	R P	1
30	Securing an outsourced network: Detecting and preventing malware infections. With the rise of outsourced IT service management, client security is increasingly difficult to manage for IT security departments. Outsourced IT may comply to internal security standards, but often there is a mismatch between the security standards of the service provider and the client. IT requirements may change quickly due to technical and business evolution, but service level agreements and other contracts remain static over time. This situation may result in a situation where clients run old and insecure configurations. Another upcoming trend with bigger security management challenges is the 'bring your own device' concept. User's may bring and use their own device to connect to the business IT network and use it for work purposes. In these cases, the user is responsible of maintaining the device and manage its security. In both cases, there is a high risk of getting infected with malware. These infections can be caused by various causes such as drive-by downloads and rogue applications that are installed by users. Can these malware infections be detected and prevented from within the infrastructure of the business that has outsourced their IT or that allows 'bring your own device'?	Ewout Meij <ewout.meij=>external.t-mobile.nl> Dennis Cortjens <dennis.cortjens=>os3.nl> Tarik El Yassem <Tarik.ElYassem=>os3.nl>	R P	1

Presentations-rp1

Wednesday feb 8th in room B1.23 at Science Park 904 NL-1098XH Amsterdam.

Program:

09h30	#	Cees de Laat	Welcome, introduction.	RP	#stds
09h35	25	Iwan Hoogendoorn, Joris Soeurt	OpenFlow.	1	2
10h00	18	Michiel Appelman, Maikel de Boer	Performance Analysis of OpenFlow Hardware.	1	2
10h25	27	Fred Wieringa	IPV6 risks and vulnerabilities.	1	1
10h45	6	Vic Ding	Advanced Metering Infrastructure.	2	1
11h05		*	Pauze
11h15	19	Sebastian Carlier	Electromagnetic Fault Injection (EMFI) on System-on-a-Chips (SoC) / Smartcards.	2	1
11h35	21	Mohammad Shafahi	Bootstrapping the Internet of the Future.	1	1
11h55	20	Christos Tziortzios	l/O Load Scheduler for Grid Mass Storage.	1	1
12h15	29	Pieter Lexis	DNS-Based Authentication of Named Entries (DANE).	1	1
12h35		*	Lunch
13h30	9	Sebastian Dabkiewicz	Automatic end-host configuration.	1	1
13h50	4	Razvan Oprea	Traffic anomaly detection using a distributed measurement network.	1	1
14h10	23	Yannick Scheelen, Jop van der Lelie	Camera Identification on YouTube.	1	2
14h35	24	Jeffrey Bosma, Daan Wagenaar	Ranking of manipulated images in a large set using error level analysis.	1	2
15h00		*	Pauze
15h15	14	Rory Breuk, Albert Spruyt	Integrating DMA attacks in exploitation frameworks.	1	2
15h40	13	Dimitar Pavlov, Gerrie Veerman	Distributed Password Cracking Platform.	1	2
16h05	30	Dennis Cortjens, Tarik El Yassem	Securing an outsourced network: Detecting and preventing malware infections.	1	2
16h30		Cees de Laat & OS3 team	Evaluation.
16h35		*	End

p.s. used rfc3777:
Type #1 randomness or 'end' followed by new line.
Up to 16 integers or the word 'float' followed by up
to 16 x.y format reals.
82 85 91 86 91 99 88 99
82 85 86 88 91 91 99 99
Type #2 randomness or 'end' followed by new line.
Up to 16 integers or the word 'float' followed by up
to 16 x.y format reals.
end
Key is:
82.85.86.88.91.91.99.99./
index        hex value of MD5        div selected
1 77AEE9394B0F794A4474FD57DB4E76CF 18 -> 14 <- 27
2 0784FEC4AD8225B4B9E313964B9EDBA5 17 -> 13 <- 25
3 9E6935727331D665BCE4D94EBE99A1C6 16 -> 7 <- 18
4 35AB5C1300D01F7AC30310A3A777099C 15 -> 11 <- 23
5 9597EE554247A1F48CD8C4BD4E61C457 14 -> 18 <- 19
6 465F7729F79F1D38FB01971104E663B2 13 -> 3 <- 6
7 38B94845AF67C5C92860797312E8F50B 12 -> 10 <- 21
8 907BD71B3AD3C95CF3B1C7A95FAC4339 11 -> 9 <- 20
9 A7EFC546C5509BCBD2D895D69AB80E8E 10 -> 12 <- 24
10 A95C9EFCC261B95F4E73C6498A0DD69C   9 -> 16 <- 29
11 16596C56797CDC11531C0BC3DD8388BC   8 -> 6 <- 14
12 562622B349BD27568A755BFF2B0574B7   7 -> 5 <- 13
13 DD957DF326CB99A3362D87641BC466DC   6 -> 4 <- 9
14 F1E4F908EEBBFA79FDF14924ECFBE2A1   5 -> 17 <- 30
15 B45109FB0FC27918058A79C1CE5FF198   4 -> 1 <- 2
16 4D4EACF9EFBC2A13BFC376C0DD651361   3 -> 15 <- 28
17 63670AA5ADDC4BA5CB9BB94F3075F74C   2 -> 2 <- 4

Done, type any character to exit.
random input were the first 8 humidity values on buienradar tonight jan 25 21h45.
I replaced the missing one with #18
I filled in order the 1 and 2 person slots as they occurred.

Presentations-rp2

I hereby would like to invite you to the annual RP2 presentations, where the SNE students will be presenting their research. Considering the wide variety of presentations the day promises to be very interesting, and we hope you will join us. At the end of the day there will be time for drinks and discussion. No need to register.

Thursday July 5 th, 2011 in room C1.110 at Science Park 904 NL-1098 XH Amsterdam. Program:

10h00	#	Cees de Laat	Welcome, introduction.	RP
10h05
10h30
10h55
11h20			Pauze
11h40
12h10
12h40			Lunch
13h40
14h10
14h35
15h00			Pauze
15h20
15h50
16h15		Cees de Laat	Closing
16h16			Borrel in SNE lab

Process

You can select a RP1 from the entire list. Choose subjects that relate to courses already followed.
Must have successfully completed 75% of the cources that are scheduled prior to the respective RP.
You must complete RP1 before starting RP2.
Forensics track students have to choose for RP2 a subject with a "F" label.
Network track students have to choose for RP2 a subject with a "N" label.
Part time students have to do their RP2 in their 2nd year in june.
Selection

Preferably do not choose subjects that will be covered in subsequent courses.

working alone or in pairs

Preference for pairs because:

students can help each other when one gets stuck in a problem...

investigate more solutions in parallel

learn to collaborate
contribution of each student must be clear in report and presentation

However, doing an RP alone is also allowed
At the presentations pairs get 30 minutes, singles get 20 minutes.

Feedback during RP

During both RP1 as RP2 a voluntarily group meeting on the third monday afternoon 16h00.

If that monday is a holiday, that meeting will be on the third tuesday.

Purpose is to exchange progress information and discuss potential or real encountered problems.

fifth week

Presentation will be on thursday, report must be submitted by friday of the fifth week.
Optionally week 5 of the RP in June is available to continue and finish research.

RP order

A student must successfully complete RP1 before starting RP2.
RP1 and RP2 can be done arbitrarily in January or June.
If failed for RP2, it is allowed to redo a RP2 at any time.

Evaluation

Advise from the supervisor about the research done on location.
Advise on presentation and report is welcome.
this information must be delivered by supervisor before end of fifth week.

report and presentation are evaluated by the OS3 team.
Marks for presentation are determined before end of fifth week.
Evaluation and if needed corrections of report can take up to 6 weeks (pending holidays in july.
If rest is positive there is an opportunity to correct the report.

average and the mark for report must be 6 or more and the other marks must be more than or equeal 5.

Publication of results

the marks will be posted on blackboard.

Colloquia

We aim to schedule colloquia about research in computer science to give more context for the RP's.

Communication

All communication happens using email addresses from either OS3 or UVA.

Faculty process:

When applying for a bachelor or master certificate the student must submit an approved copy (with a mark 6 or higher) of the student’s bachelor or master thesis. Students are requested to submit their thesis for two reasons:
• De Faculty is obliged to register all theses in order to be - amongst others - accountable for the standard and assessment of its theses to the visiting Quality Assessment Committees of the disciplines.
• The theses can be a source of information to students and teachers.
These rules and regulations are applicable to all bachelor- and master theses submitted to the archives of the Faculty of Science. The student hands in the thesis at the Education Office when applying for a certificate.
The supervisor of the bachelor- or master final research project (and/or the Board of Examiners) may demand that the student hands over one or more hard copies of the thesis. This will be agreed on at the start of the final research project.
When applying for the certificate the student submits a digital copy of the thesis of the final research project. The student has to take care that this copy is either in PDF or Word (and not a mix of both for e.g. separate parts of the thesis, cover, index, appendices).
The supervisor of the final research project must take care of two things:
• The supervisor has to indicate whether the copy that is submitted is the true version that has been concluded with a satisfactory result
• The supervisor has to indicate (in agreement with the student) whether the thesis contains confidential information, and therefore must not be submitted to the - public – catalogue of the library. These theses will only be registered confidentially.
The Education Office only provides diplomas to students who have submitted a Thesis. Please note the role of the supervisor.
The Education Office sees to it that the approved document will be filed by the library of the Faculty of Science. The thesis will be stored on the faculty’s server, which also takes care of a back-up.
The library transfers the thesis to the on-line catalogue (UvA-DARE), unless the supervisor has indicated that there are strong objections against it because of its confidential character.
A student may decide not to actively contribute to publication on the internet. For that reason the student may request the Education Office not to publish the thesis, and the thesis will only be registered in the Faculty’s archives.
This procedure will be published on the programme website (<http://www.student.uva.nl>).
You will find the procedure attached (PDF).

TIPS

Make a formal scientific report front page (not: This ia a consultancy report...)
Check English spelling
it is always: "bla bla, which" or "bla bla that", so not "bla bla which" or "bla bla, that"
be careful when using it's, it is, etc. It is the cat that was castrated. Its balls are on the table.
when using it's or their or which or this, make sure it is clear to what it points.
make complete sentences.
do not add several sentences together separated with commas.
it is always "However,"
use formal language: "one can" in stead of "you can"
check for stupid errors like of <-> off
structure report, numbering, etc.
read: http://en.wikipedia.org/wiki/Scientific_method

Project Proposal

Suggested project proposal format (to be delivered end of week 1) can be a subset of:

Title, names
Introduction
Research Questions
Related work
Scope, what is in/out of scope given limitations
Approach & Methods
Requirements, what equipment or software is needed
Planning
Expected products, tools, proof of concepts, results
References

Total max 4 pages.

SNE master student projects 2011 - 2012

Contact

Research Projects 1 and 2 (RP1 and RP2)

Rules

TimeLine

Projects

Virtualization vs. Security Boundaries.

DNS security revisited.

Traffic Volume vs. Network Inspection.

Traffic anomaly detection using a distributed measurement network.

Monitoring the cloud.

Advanced Metering Infrastructure.

Tiled video streaming implementation.

P.S. these are way more software engineering, but if someone fabricates a relevant research question for SNE RP1 out of these, please contact me (CdL)

Native tiled video streaming on iPhone, iPad or Android

Second-screen synchronisation

Social TV marking of scenes

CDN Interconnection

Automatic end-host configuration.

Data Integrity in Digital Archives.

Security Metrics.

OpenNSA.

Distributed Password Cracking Platform.

Integrating DMA attacks in exploitation frameworks.

Security scanner for mobile apps.

Content Security Protection.

Feasibility of attacks on weak SSL ciphers.

Performance Analysis of OpenFlow Hardware.

Electromagnetic Fault Injection (EMFI) on System-on-a-Chips (SoC) / Smartcards.

l/O Load Scheduler for Grid Mass Storage.

Bootstrapping the Internet of the Future.

OpenDNSSEC.

Camera Identification on YouTube.

Ranking of manipulated images in a large set using error level analysis.

OpenFlow.

Content grouping algorithm.

IPV6 risks and vulnerabilities.

Determining camera model from JPEG quantization tables.

DNS-Based Authentication of Named Entries (DANE).

Securing an outsourced network: Detecting and preventing malware infections.

Presentations-rp1

Presentations-rp2

Links

Process

TIPS

Project Proposal