Project 2 - COMP 5407 (Sept-Dec 2003):
Research Survey and optional Implementation
Last updated: 20 October 2003, 12:30pm
Due: noon, Monday December 8 (under the door of 5173HP,
or in the instructor's physical mail box in the main Computer Science office
in an envelope clearly marked with the instructor's name and course
number). No extensions.
Last day for area topic approval by instructor (see details below):
Friday October 31.
Maximum length for research survey: 20 pages.
Prepare a survey/study paper on a
specified topic in authentication or software security,
of current interest in the research community,
and related to the course outline.
See suggested topics and papers below.
To limit the number of students on a given topic,
topic approvals will be on a first-come first-served basis.
Students will read appropriate
papers in the topic area, and prepare a report which:
surveys and summarizes recent progress in the area;
identifies important recent results and trends;
and outlines important open problems or future research directions.
As a stretch target, students should strive to write a publishable survey
Extra marks will be awarded for any (novel) extensions to
existing research. Grades will be awarded for demonstrating:
a good understanding of the area,
the important problems, and existing solutions;
the ability to fill in explanatory gaps or
integrate results of several research papers, with proper perspective;
and the ability to write with conciseness and clarity,
avoiding ambiguities and vagueness.
Proper academic citation of all sources relied on is required.
This is an individual project.
Read the "Policy re: Unethical Behaviour" on the course web page.
All specific ideas obtained from other students or sources must be
cited as such.
Projects involving programming:
Some projects may benefit from software implementations, in which case
a reduction in the expected survey length may be reasonable.
In these cases,
marks for the implementation aspect will be dependent on communicating
in a clear and consise manner, what was learned from the
implementation, and explaining its novelty or importance to the project.
Prior consultation with the intructor is strongly recommended.
The selected topic and an initial list of reference papers,
must be approved by the instructor.
Where listed, references are suggestions.
If none are listed, you have trouble obtaining references,
or a software implementation will play a major role in your project,
please discuss with instructor.
Memory mismanagement exploits.
Many exploitable memory management problems are known
besides stack-based buffer overflows, including:
heap overflows (dynamically allocated memory);
BSS or block storage segment overflows (static memory);
and format string vulnerabilities.
Explore and classify exploitable software vulnerabilities
involving memory management, and recently proposed solutions.
Suggested main references for problems:
for solutions: search recent conferences (e.g. NDSS, Usenix Security).
Examples of more specialized articles:
(For Issue#NN of Phrack Magazine, see http://www.phrack.org/show.php?p=NN )
Security in peer-to-peer software systems.
Make a proposal (including software implementation if appropriate).
Or use as a starting point any of: [P2Pwg], [Couch], [McKean], [Good].
Automated tools for software protection.
Survey recent research on software obfuscation and
software tamper resistance; compare different approaches;
explore which are complementary.
basic reference (may be covered in class): [Cohen].
Extend the existing analysis on graphical passwords (from class),
and/or make new proposals (e.g. an alternate grid scheme for converting
diagrams into password encodings); implement if appropriate.
References: Jermyn et al. (from class); [Monrose99].
Generating crypto keys from voice.
Explore and summarize work on generating keys from voice [MonReiter01],
building on earlier work related to keystroke dynamics [Monrose01].
Hardware-assisted software protection.
Propose a project related to protecting software and digital content,
based on the Trusted Computing Platform Alliance (TCPA)
and/or Microsoft's Palladium initiative.
Digital rights management.
Propose a project related to software-based digital rights management (DRM).
Group key management and revocation schemes.
Applications of group keying schemes include
securing group email, conference calls, collaborative groupwork
and broadcast media.
Access to content is controlled through managing content decryption keys;
an important aspect is revoking individual end-user access to such keys.
Explore and summarize existing group key management and
key revocation schemes suitable for practical use.
Suggested starting references:
Finding cryptographic keys in memory.
(includes software implementation)
Van Someren and Shamir [VanS] have noted
cryptographic keys are easily found in computer memory,
being easily distinguished from other data items
by their abnormal randomness. Indpendently verify their work,
and/or extend it. (Run tests only on your own machines, or with the
permission of others; do not break any laws!)
Human factors and computer security.
Explore and summarize recent results on
human factors and computer security.
References: see [HFCSbibli].
Browser security and spoofing.
Explore the difficulty (or ease) of malicious web servers spoofing
legitimate web sites.
Suggested starting references: [YeYuanSmith02], [Felten97].
Browser-based certificate problems.
Explore, summarize, and discuss some of the following
major browser certificate problmes over the past 3 years:
flaw in certificate chain processing (2002) [zcertificate1];
erroneously-issued certificate (2001) [zcertificate2];
Y2K certificate expiry problem (2000) [zcertificate 3].
(Warning: be a cautious judge of the technical credibility
of non-scientific online articles).
Non-browser certificate infrastructures.
Explore issues related to non-browser-based PKIs.
Recommended references: [Hesse02], [Elley01].
Password protocols resisting on-line dictionary attack.
Propose alternatives or extensions to the paper and algorithms
of Pinkas-Sander discussed in class.
Password protocols resisting off-line dictionary attack
(including software implementation if appropriate).
Perform an independent analysis, including efficiency comparisons
(message exchanges; efficiency for parameters offering practical security),
of EKE (from class)
and other password-based protocols resisting off-line dictionary attack.
Include a number of: SPEKE [Jablon], SRP [Wu], and AMP [Kwon] (see also [SPA]).
If you carry out implementations to aid timing comparisons,
use publicly available big-integer crypto-math packages.
Web client authentication reality.
Explore and summarize issues related to current practice of web authentication.
Main reference: [Fu01].
Trends in malicious code.
Summarize major malicious code incidents from the past 2 years
(e.g. Code Red; Nimda; Sircam; Slammer; Blaster; etc.),
discuss apparent trends in depth,
and predictions made by experts such as Staniford et al.
(see class reading), and CERT (see http://www.cert.org).
Determining safety of externally-supplied binary code.
Explore and summarize Necula's seminal work [Necula96]
on proof-carrying-code (PCC), and more recent progress in this area.
Crypto schemes limiting damage due to compromised keys.
Long-term keys in standard cryptographic algorithms are vulnerable to
key compromise (e.g. see [VanS]).
Explore and summarize the problem of undetected key compromise [Just],
and related work including forward-secure signatures [Bell99]
and key-insulated cryptosystems [Dodis].
Practical acceptance of cryptographic infrastructures.
Examine the challenges of digital signature systems being accepted
in practice. Issues include: perceived and actual security threats,
the veracity of public-key bindings to real-world identities,
certificate revocation issues,
relationships between signatures and authorization.
Example references (see instructor also): [VanS]; [Winn]; [Cryptogram].
Non-technical barriers to digital signatures in practice.
Carry out a detailed analysis of non-technical barriers to the success of
digital signature systems in practice (e.g. societal and cultural factors,
legal issues, user interfaces, etc.) Propose solutions for removing the
barriers, or arguments as to why they are not likely to be eliminated.
References: see instructor.
Security in Instant Messaging.
Prepare a survey of how Instant Messaging products work.
Provide a threat model, discuss security risks in practice, and propose
mechanisms to mitigate the risks. The study should reference actual
products (commercial or free software) where possible.
Propose your own topic, including the major references.
It must be related to the course outline.
"Smashing The Stack For Fun And Profit",
Phrack Magazine, Issue 49, Article 14 (Nov. 1996),
[Bell99] M. Bellare, S.Miner,
A forward-secure digital signature scheme, Crypto’99.
Bulba and Kil3r,
"Bypassing Stackguard and Stackshield",
Phrack Magazine, Issue 56 Article 5 (May 2000),
Chang and Atallah, "Protecting Software by Code Guards",
ACM CCS-9 workshop DRM 2001 (available online).
Chen at al.,
"Oblivious Hashing: A Stealthy Software Integrity Verification Primitive",
Information Hiding - 5th International Workshop (Oct. 2002).
Cohen, "Operating System Protection Through Program Evolution",
Computers and Security, Oct. 1993 (available online).
Conover and w00w00 Security Team,
"w00w00 on Heap Overflows",
[Couch] Couch, "Peer-to-Peer File-Sharing Networks: Security Risks",
(Sept. 8, 2002), http://www.sans.org/rr/policy/peer.php
[Cryptogram] Various articles in Schneier's monthly newsletter,
[Dodis] Y.Dodis, J.Katz, S.Xu, M.Yung,
Key-insulated public key cryptosystems, Eurocrypt 2002.
[Elley01] Elley et al.,
"Building Certification Paths: Forward vs. Reverse", NDSS'01,
Felten et al.,
"Web spoofing: an Internet con game",
20th National Information Systems Security Conference (Oct 1997),
[Fu01], Fu et al., "Do's and Don'ts of Client Authentication on the Web",
2001 USENIX Security.
FX of Phenoelit,
"Burning the bridge: Cisco IOS exploits" (heap overflow in ios),
Phrack Magazine, Issue 60, Article 7 (Dec. 2002),
gera and riq,
"Advances in format string exploitation",
Phrack Magazine, Issue 59, Article 7 (July 2002),
Baugher et al., Group Key Management Architecture (Feb. 2002),
(group key management architecture and overview).
[Good] Good and Krekelberg,
"Usability and privacy: a study of Kazaa P2P file-sharing", http://www.hpl.hp.com/shl/papers/kazaa/KazaaUsability.pdf
[Hesse02] Hesse and Lemire,
"Managing Interoperability in Non-Hierarchical Public-Key Infrastructures",
Bibliography on human factors and computer security:
Horne et al.,
"Dynamic Self-Checking Techniques for Improved Tamper Resistance",
ACM CCS-9 workshop DRM 2001 (available online).
See http://www.securemulticast.org for links to the IETF
Multicast Security (msec) Working Group and
Group Security (gsec) Research Group.
[Jablon] Jabon, "Strong password-only authenticated key exchange",
ACM Computer Communcations Review, Oct. 1996 (available online).
[Just] M. Just, P.C. Van Oorschot,
Addressing the problem of undetected signature key compromise, NDSS’99.
[Kwon] Kwon, "Authentication and key agreement via memorable password",
NDSS'01 (available online).
"Peer-to-Peer Security and Intel’s Peer-to-Peer Trusted Library"
(Aug. 20, 2001), http://www.sans.org/rr/threats/peer.php
Monrose, Reiter et al.,
"Cryptographic Key Generation from Voice",
2001 IEEE Symp. Security and Privacy (available online);
see also http://www.bell-labs.com/user/fabian/shortcut.html;
and Monrose et al.,
"Toward speech-generated cryptographic keys on resource constrained devices",
2002 Usenix Security Symp.
Monrose, Towards Stronger User Authentication,
PhD Thesis (NY Univ., May 1999),
Monrose et al., Password Hardening based on Keystroke Dynamics,
International Journal of Information Security (2001),
Naor, Naor and Lotspiech,
"Revocation and Tracing Schemes for Stateless Receivers" (June 2002),
[Necula96] Necula and Lee, "Safe kernel extensions without run-time checking",
OSDI'96 (availabe online).
See also later papers by same authors, including 1997:
"Proof-carrying code" (CMU technical report, and POPL'97 paper).
scut and team teso,
"Exploiting Format String Vulnerabilities" (March 2001),
[SPA] List of research papers on Strong Password Authentication:
"Taking Advantage of Non-Terminated Adjacent Memory Spaces",
Phrack Magazine, Issue 56 Article 14 (May 2000),
[VanS] N. van Someren, A. Shamir,
Playing Hide and Seek with Keys, Financial Crypto’99.
C. Wang, A Security Architecture for Survivability Mechanisms,
Ph.D. thesis, Univ. Virginia, Oct. 2000 (available online).
[Winn] J. Winn, The emperor’s new clothes: the shocking truth
about digital signatures and Internet commerce,
pp.353-388 in 37 Idaho Law Review, no.2 (2001).
[Wu] Wu, "The secure remote password protocl", NDSS'98 (available online).
Ye, Yuan and Smith,
"Web spoofing revisited: SSL and beyond",
Technical Report TR2002-417 (Feb.1 2002),
[zcertificate1] Articles related to 2002 flaw in certificate chain processing:
Microsoft security bulletin MS02-050
(Sept.04 2002; updated Sept.9 2002 and Nov.20 2002),
Certificate Validation Flaw Could Enable Identity Spoofing (Q329115),
"Security Flaw Found in Microsoft Web Browser", 13 August 2002,
(CAN-2002-0862 - candidate for inclusion in the CVE list);
bugtraq list posting (Aug.12 2002),
[zcertificate2] Articles related to 2001 erroneously-issued certificate:
Microsoft Security Bulletin MS01-017
(March 22, 2001; updated March 28, 2001),
Erroneous VeriSign-Issued Digital Certificates Pose Spoofing Hazard,
Slashdot thread (long): http://slashdot.org/articles/01/03/22/1947233.shtml;
Gregory L. Guerin, "Microsoft, VeriSign, and Certificate Revocation"
(20 Apr 2001; revised: 13 May 2001),
(includes discussion of Schneier’s "Fake Microsoft Certificates",
Apr.15 2001, http://www.counterpane.com/crypto-gram-0104.html#7 );
"The End of Trust as We Know It?
Analysis of the Microsoft/VeriSign Digital Certificate Incident" (July 2001),
[zcertificate3] Articles related to year 2000 certificate expiry problem:
Pete Loshin, "Y2K browser bug to affect e-commerce"
(CNN.com, May 31 1999),
"Technical Information - Root Expiry",