Hide menu

TDDD17 Information Security, Second Course

Project Assignments

Project id Project name Assigned students Supervisor
001 Password security in practice Group A:elipe344 and hakgu806
Group B:edwns842 and klaha707
Niklas Johansson
002 (Un)Predictable people Group A: antbo642 and nikha864
Group B: thefl596 and mathe296
Niklas Johansson
003 Empirical evaluation of the prevalence of insecure WiFi encryption Group A: magqv743 and henot901
Group B: henad221
Marcus Bendtsen
004 Tamper protection review Group A: felfr379 and marsj725
Group B:
Marcus Bendtsen
005 Certification transparency crawler Group A: oskjo581 and joali220
Group B:
Niklas Carlsson
006 Hotspot traffic analysis Group A: pettu298 and eriro331
Group B: johst822 and emigu059
Andrei Gurtov
007 Host identity protocol Group A:
Group B:
Andrei Gurtov
008 Analyzing Internet-connected industrial equipment Group A: emmso236 and boymi096
Group B: adaha287 and mohkh623
Andrei Gurtov

1. Password security in practice

Passwords are by far the most insecure user authentication method but also the most common. There exists lots of advice on how to choose passwords, how to handle passwords, how to differentiate between passwords for different sites etc. Also sites often have restrictions on passwords. But how do real users follow this advice? Have they even heard it? Do they find it cumbersome to adhere to it? Do they have problems with enforced restrictions on password choice? Study restrictions from your own experience and searches of sites! Also create categories of passwords and make a survey of to which extent user passwords belong to each category according to their owners! (Categories can be names/words close to user, passwords found in dictionaries, passwords shared for several or all sites, passwords following pattern for different sites etc.) Another possibility is to evaluate password generation tools that can be found in the wild. Do these generate secure/useful/trustworthy passwords? Finally make a summary of your view of password security in practice. This summary should be based on password guessing capabilities of possible attackers.

2. (Un)Predictable people

In information security the notion of randomness is central, in fact, the formal definition of a cryptographic key is that of shared randomness. To maintain security this randomness should not be predictable, and sometimes people are asked to input to the process of generating keys. But are people really good at being unpredictable?

During the fall of 2016 an event called the Big Bell Test took place. It was described as "Worldwide quantum physics experiments powered by human randomness", where almost 100,000 people participated, contributing by generating numbers at random.

The project assignment will be to analyze the generated data with a test suit for randomness testing, and try to determine in what way people (that tries to be unpredictable) are predictable.

3. Empirical evaluation of the prevalence of insecure WiFi encryption

Despite having been proven completely broken over 10 years ago, the WEP standard for securing WiFi networks are still supported by modern equipment, in order to guarantee backward compatibility. Using readily available tools and guides on the internet, anyone with moderate computer skills could recover the WEP password in often only a few minutes.

This presents a problem for less security-conscious end-users, who may be unaware of the risk, and use WEP under the false assumption that it actually protects their privacy. This project aims to empirically investigate how common usage of WEP is among regular households by passively scanning the probes that all WiFi access points, such as routers, sends out by default. By systematically traversing a larger area while scanning for wireless networks, an estimate of the incidence of WEP usage can be obtained.

Prerequisites: A basic understanding of wireless network technology. A laptop or similar with a wireless network card, preferably with an external antenna. (We also have USB network adapters that you can borrow.) A car, or a bike (and strong legs).

4. Tamper protection review

Increasingly, mobile devices are given access to business and security critical content. These devices are often small and can easily be carried around, thus giving additional opportunities for attackers to get their hands on a physical device. Although attackers may not be able to use the mobile device, they may be able to access confidential information, including encryption keys, from the hardware within the device. The aim of this project is to do a review of existing attacks against physical devices and methods for tamper protection. This includes active protection that attempts to detect intrusions and alter the device itself, and passive protection, such as using certain materials etc.

5. Certification transparency crawler

The last few years there have been many instances of rouge certificates that have compromised HTTPS security. Certificate Transparency (CT) provides a way to monitor and audit certificates and certificate chains; helping improve the overall network security. Chrome already demands that Extended Validation (EV) certificates (issued after Jan. 1, 2015) are logged before displaying visual cues to the user that normally come with EV certificates, and other certificates are likely to be required to be logged soon too (by both Chrome and Firefox). To prove that a certificate has been logged the certificate needs to be accompanied by a Signed Certificate Timestamps (SCTs). In this project you will develop a methodology for collecting SCTs (which can be delivered in many different ways) and information/measurements about the communication process during the HTTPS/TLS handshaking process, and perform a large-scale crawl of the most popular websites in the world (and/or of the most popular websites of different categories of websites). Potentially (depending on time) the data collection can be done with Planetlab; however, at the minimum the data collection should be done from a single machine (with the idea that the test framework should easily runnable from different machines) and cover a large number of popular websites (likely based on the Alexa popularity rankings). For additional information we suggest reading our PAM 2017 paper (paper), watch the following YouTube video for some motivation why CT is important (video), or both.

6. Hotspot traffic analysis

A large share of TCP/IP traffic still goes in plain-text over public WiFi hotspots that can be captured by other users nearby, even if wifi traffic is encrypted at the link layer due to similar pre-shared key. However, lately large providers such as Google started pushing https deployment by prioritizing it in the search results. By some estimates, over 50% of HTTP traffic is now encrypted. Other secure protocols, such as SSH, utilize transport-layer security as well. In addition, many users deploy IPSec VPNs such as OpenVPN to encrypt own traffic on the IP layer. Your task is to connect to public wifis and capture packet headers in promiscuous mode and later analyze the traffic to determine which share of it uses IPsec, SSL/TLS or plain TCP/UDP. No personally identifiable information shall be collected to respect user privacy.

7. Host identity protocol

Host Identity Protocol (HIPv2) is a newly standardized network security protocol by the IETF (RFC 7401). It establishes encrypted IPsec tunnels between hosts identified by public/private keys. While commercial use of HIP is rapidly progressing (www.temperednetworks.com) its open-source implementations are somewhat outdated. Your task is to setup a virtual machine environment to test basic HIP functions such as Base Exchange, mobility update, multihoming with wireshark packet capture. Old release of HIP Virtual World or lab sessions for this course with MLN setup can be used as starting points. The use of OpenHIP software and its update to support latest RFCs is encouraged.

https://datatracker.ietf.org/wg/hip/charter/
http://openhip.sourceforge.net/
http://hipl.hiit.fi

Prerequisites: Knowledge of TCP/IP and Linux software development

8. Analyzing Internet-connected industrial equipment

Many Internet-of-things devices (IP cams, smart TVs, etc) and industrial equipment including so-called SCADA devices are being connected to the Internet. In many cases, those are not patched, use default passwords or are not supposed to be on the Internet at all. Those can (and were already) easily hacked and exploited by attackers. Shodan is a search engine that allows to look for such devices in a certain area (identified by IP address ranges). Your task is to learn using this tool, run the scans over Linköping and whole Sweden to determine which kind of devices are Internet-connected and their types (industrial control systems, IoT devices, etc), what are their potential vulnerabilities, software versions and operating companies. However,this information should not be publicly disclosed nor exploited for any malicious activities. https://www.shodan.io/

Prerequisites: Knowledge of networking and basic Internet security

 


Page responsible: Nahid Shahmehri
Last updated: 2017-02-14