
TDDD82 Project Term Including Bachelor's Project: Secure, Mobile Systems

Bachelor's Theses

| Project ID | Students | Supervisor |
|---|---|---|
| Project 1 | Christoffer Nilsson, Sebastian Karlsson | Simin Nadjm-Tehrani |
| Project 2 | Ola Jigin, John Bengtson | Simin Nadjm-Tehrani |
| Project 3 | Marcus Arnemo, Benny Lam | Simin Nadjm-Tehrani |
| Project 4 | Jakob Danielsson, Anton Forsberg | Niklas Carlsson |
| Project 5 | Tova Linder, Pontus Persson | Niklas Carlsson |
| Project 6 | Karl Andersson, Marcus Odlander | Niklas Carlsson |
| Project 7 | Louise Svensson, Jacob Bergvall | Marcus Bendtsen |
| Project 8 | Tobias Krispinsson, Filip Asp | Marcus Bendtsen |
| Project 9 | Andreas Alvarsson, Robert Lantz | Marcus Bendtsen |
| Project 10 | Erik Reimers | Marcus Bendtsen |

Instructions

Each pair writes, in an email, a sorted list of all available projects in their own order of preference. The email must also state which two people are in the group. Do not attach any documents or similar; everything must be written directly in the email. Note that all projects must be included in the list. The email should look like the following example:

Marcus Bendtsen (marbe800)
Jakob Pogulis (jakpo779)

Project 4
Project 1
Project 8
etc.

The course staff will then assign the bachelor's theses. We start from your preferences but cannot guarantee that you get the projects you have ranked highest on your list.

Language

Since these bachelor's theses are of a scientific nature, we prefer that the work be carried out in English. The presentation and opposition are in Swedish.

Specific requirements

Some projects have specific requirements, which are stated in the project's text; make sure you meet them.

Projects

Project 1

Your central server for mission management and the situational picture is a typical critical function on which high availability requirements are placed. In the early development phase you characterized the assumptions you have about fault sources (faults) that can affect how available this service is. In this in-depth project you will analyze how much availability you can guarantee ("justify") and under which circumstances (which fault model, permanent/transient, how often the fault can occur, and under what load from the clients). The work consists of developing a mathematical model using prior knowledge of probability theory and sources in the literature. The model should be usable for predicting how available your server is, and you should be able to choose suitable parameters in your server replication mechanism (e.g. the optimal interval for "checkpointing") to achieve the desired level of availability, or the desired speed of recovery after a crash.

Project 2

Your central server for mission management and the situational picture is a typical critical function on which high availability requirements are placed. In the early development phase you characterized the assumptions you have about fault sources (faults) that can affect how available this service is. Regardless of how far you have come in implementing a fault-tolerant version of your server, two in-depth efforts are needed in this mini-project: a) to complete the implementation of the redundancy so that the service can be claimed to have higher availability than a non-fault-tolerant server, and b) to create suitable experiments so that you can measure how the fault-tolerant service's performance (e.g. average/max round trip time) is affected compared with the non-fault-tolerant service.

Project 3

The application you demonstrate must be able to use 3G or WiFi for transferring crisis situation information. A requirement in a crisis context is that the system be energy-efficient on the handheld devices, but energy efficiency in the 3G network is strongly affected by both the amount of transfers and the distribution of packet uploads/downloads over time. In this mini-project you are meant to use a kit provided by Ericsson to measure the exact energy consumption of an app's interactions over the 3G network. Since repeatable experiments with different apps to measure their energy footprint are both difficult and time-consuming, we have a tool, EnergyBox, that allows the interaction with an app (the app's "packet traces") to be used to estimate energy consumption. In this mini-project you will generate suitable (representative) transmission traces from at least two types of packet flows from your app, test the kit to obtain exact energy footprints for some of these traces, and then use our tool to determine the app's energy footprint in a more systematic way. The application may need to be completed *before* these measurements are carried out so that you can actually generate typical packet flows before their energy footprint is measured.

Project 4

Good communication and careful resource usage are critical in disaster scenarios. To allow a user to adapt its bandwidth usage based on current network conditions and resource availability, it is important to also have good estimates of what performance the user normally would be able to expect in its current and neighboring locations. Network performance maps can be used to predict the bandwidth conditions that will be seen in a particular location, and can hence help users use their resources more efficiently (e.g., by downloading or transferring information at opportune times, when the communication would require fewer resources). By leveraging measurements made by users that have been in similar/different locations, the network performance maps used by a user can be enhanced compared to using only its own measurements (e.g., by downloading/uploading at opportune times).

Using data-driven simulations (based on network speed measurements) you will compare the performance and accuracy that can be achieved using a central server approach that has knowledge of all such measurements but may be more sensitive to central failures (or reachability during a disaster), and crowd-based approaches in which opportunistic exchange opportunities are used to exchange measurement information between users. For this task, you will need to (i) create or identify "realistic" mobility models, (ii) use measurement data to create throughput maps as per approaches described in existing research literature, and (iii) use these to simulate and compare the performance of system solutions using both a central data store and opportunistic solutions with peer-to-peer exchanges (of "geo-throughput" information) under different mobility scenarios.

Your simulator should be able to use large volumes of measurement data and should allow you to test and compare different exchange policies that determine (a) who should exchange information with whom (e.g., based on where you and they have been), (b) at what times these exchanges should take place (e.g., when you both are in the same location for some time), and (c) what information should be exchanged (e.g., throughput for locations of common interest). Your simulator should take a set of mobility traces of clients (that you use for both past history of where they have been and future history of where they are going) and use these to simulate and compare different policies. The focus of this project is on the difference in value of the exchanged information when using different policies. All tools/analysis will need to run on Linux, no data is allowed to be copied/moved from the system where the data is stored, and the results/report (that may involve analysis of real data) are not allowed to include any private information or IP addresses.

Project 5

Network performance maps can be useful in predicting the future download speed in different parts of the network (or which operator should be used in each area, in the case that multi-homing is used to allow better redundancy and performance, for example). This can be very important when deciding when and where to download larger files, for example, especially under battery-constrained scenarios, such as those considered in this year's term-project.

In this thesis project you will evaluate the predictability of the download performance in different geographic regions, across different types of operators, at different times of the day, as well as conditioned on various other constraints. This project will involve implementing and evaluating different prediction techniques, while working with measurement data. You will benefit from scripting and programming skills that allow you to create (or use) statistical tools that allow large datasets to be processed. The tools that you develop should allow analysis of substantial datasets. As a first step, we would like to look at correlations between the throughputs in neighboring locations, as well as second-order statistics (e.g., normalized standard deviations) for throughput estimates in a particular location and conditioned on different circumstances (e.g., operator, time of day, etc.). All tools/analysis will need to run on Linux, no data is allowed to be copied/moved from the system where the data is stored, and the results/report (that may involve analysis of real data) are not allowed to include any private information or IP addresses.

Project 6

The Internet plays a critical role in today’s society and is often used to transfer and share important information. Under disaster scenarios, as well as under regular operation, it is therefore important to easily detect network failures and network performance degradation in regions, in the network as a whole, or for individual operators. In the case of attacks against critical network infrastructure or network failures due to natural disasters, first responders can play an important role in helping to detect such failures or performance degradations.

In this project, you will evaluate the effectiveness of a crowd-based approach in which a collection of download speed measurements (both by first responders and other users) is used to detect anomalies and network problems. As a first step, this will involve investigating potential correlations between network problems and the number of measurements done by a group of users, under different network conditions. Second, different anomaly detection algorithms will be investigated and evaluated in more depth. For this task you will develop tools to analyze potentially large datasets, as well as develop and evaluate online detection algorithms on such datasets. All tools/analysis will need to run on Linux, no data is allowed to be moved from the system where the data is stored, and the results/report (that may involve analysis of real data) are not allowed to include any private information or IP addresses.

Project 7

Risk analysis review: Risk analysis is a fundamental step in many security-related tasks, such as developing new software, securing existing infrastructure or changing the physical location of data centres. Many risk analysis methods have been proposed, since the available resources, the situations in which risk analyses are applied and the goals of the risk analyses can vary. The primary aim of this project is to survey scientific literature in order to find proposed methods and to suggest a classification of these methods in order to ease the choice of method. The secondary aim is to find scientific applications and real-world usages of these methods in order to identify particular successes and failures using the methods, and if possible connect these with the classification previously done.

Project 8

Authentication without a third party: The existing public/private key infrastructure allows two parties to verify each other’s public keys, thus enabling secure communication between the two parties. This verification is possible because both parties have already established a trust relationship with a third party. In a crisis situation this trust relationship may no longer hold; for instance, external forces may have compromised a certificate authority or the third party may be unreachable. This project is motivated by the need to investigate alternative means for distribution of verified certificates. The primary aim of this project is to first investigate current alternatives for verification and then to theoretically define a way to physically share certificates through mobile phones using NFC. The secondary aim of this project is to complete a risk analysis of the proposed method and, based on the results, propose mechanisms that may mitigate the risks.

Project 9

Access control: An integral part of mid- to large-sized systems is defining the allowed behaviour of the users of the system. The behaviour of users should be governed in such a way that security policies are upheld. For instance, users belonging to a certain group that are using a workstation may be allowed write access to certain files, but not when they are using a mobile phone. This becomes non-trivial in systems that have many types of users, devices and resources, and that may also have to define the behaviour of external users. Given a communication system used in crisis situations, the primary aim of this project is to create a map of the necessary access controls, i.e. where security policies need to be defined, and then to define these policies. The secondary aim of this project is to survey existing policy models in order to propose a new policy model that is an extension and/or modification of the existing models that can be used to fulfil the defined security policies.

Project 10

TLS and IPsec: For some time now the Internet has been utilised to offer services that require secure connections, such as bank account transactions, confidential information transfers, etc. Increasingly TLS (in conjunction with certificates) is being relied upon as a protocol that offers the required security features, often in the form of HTTPS connections. However, the application layer is required to initiate the use of TLS, thus security is not abstracted away during application development/deployment. IPsec is a protocol defined at the Internet layer, which offers security features to all traffic from one host to another, regardless of application. In a crisis situation it may be desirable to be able to set up an ad-hoc secure connection amongst only a few devices, e.g. five mobile devices may need to be able to communicate securely using several applications. The primary aim of this project is to investigate how these two protocols can offer confidentiality, integrity and availability, and then to identify known vulnerabilities in these protocols and to assess the feasibility of exploiting these vulnerabilities. The secondary aim of this project is to produce a proof-of-concept that shows how IPsec could be used to set up ad-hoc secure connections between mobile devices that would allow all applications on these devices to communicate securely.


Page responsible: Nahid Shahmehri
Last updated: 2015-02-18