SFWR 4C03 - List of projects in security

Date: Friday, March 5, 2004.

From: Kartik Krishnan (kartik@caam.rice.edu)

To: all_se4c03@cas.mcmaster.ca

CC: kartik@optlab.cas.mcmaster.ca, shalabhm@mcmaster.ca, dongz@mcmaster.ca

Subject: Tenative class projects in computer security

Hello all,

The date for project proposals is fast approaching, and perhaps many of you are still on the lookout for tentative projects. If you already have

found a tentative project, then you may discard this email. If you have not, here is a nice listing of class

projects on computer security. We won't have time to discuss some of these projects in class, and it will be nice if someone can write a nice report on them.

(1) Key Management in symmetric and public key crytography: How are keys exchanged in both these systems?. I can provide more information on this topic if someone is interested.

(2) The Kerberos authentication service: Imagine a distributed computing environment where a user at a workstation wishes to access services on servers distributed throughout the network.

How does a server restrict access to authorized users and be able to authenticate requests for service?.

The official Kerberos webpage is at MIT; see http://web.mit.edu/kerberos/www/ for more information.

(3) Hash functions and algorithms: Hash functions and algorithms are commonly used for authentication purposes.

See http://www.rsasecurity.com/rsalabs/faq/2-1-6.html for a discussion of hash functions.

(4) Attacks on the RSA crytosystem: How does one attempt to break the RSA cryptosystem (the public key cryptosystem used on the Netscape Navigator)?.

There are two kinds of attacks: mathematical and timing attacks. I have posted a very readable paper by Dan Boneh on the course webpage which discusses such attacks.

The URL for this report is http://www.ams.org/notices/199902/boneh.pdf

(5) Malicious Software including a discussion of computer viruses, threats, and countermeasures that have been adopted.

(5 1/2) How about malicious humans (hackers)?. Who are these hackers; what are some of their intrusion techniques; how can we detect and protect against hacker attacks?.

(6) Web Security: How does one ensure a secure transmission over the WWW?. This is important if you place an order to purchase a book at amazon.ca

There is a web security FAQ at http://www.w3.org/Security/Faq/www-security-faq.html which has detailed information on this topic.

(6 1/2) I agree web security is the most interesting, but how about email security and IP security?. Again, I have more information on these topics if anyone is interested.

(7) A discussion of number theory in cryptography: What are prime numbers?. How does one check whether a number is prime?.

Some of you are aware that 3 researchers (Agarwal/Kayal/Saxena) from the Indian Institute of Technology at Kanpur last year showed that there is a polynomial time algorithm to check whether a number is prime.

This was hailed as a major backthrough. There is a FAQ on primality testing at http://crypto.cs.mcgill.ca/~stiglic/PRIMES_P_FAQ.html which contains pointers to further information on this topic.

(8) Quantum computing: One could break the RSA cryptosystem if one had access to a quantum computer.

Luckily, one has not been able to build a quantum computer so far. There is a brilliant algorithm due to Peter Shor which shows that one can factor a number into its prime factors in polynomial time, if one has access to a quantum computer.

You can find more information on quantum computing and Shor's algorithm at http://alumni.imsa.edu/~matth/quant/299/paper/paper.html

(9) Quantum cryptography: What if someone managed to build quantum computers in the near future?.

The RSA crytposystem, as we now see it, would be useless (see Shor's algorithm above).

One would now need tools from quantum cryptography if one wants to preserve computer & network security then.

What is quantum cryptography?. Check out http://www.cs.dartmouth.edu/~jford/crypto.html

(10) Firewall design principles: How are firewalls designed; how do they function; how secure is a firewall? etc

See http://www.cert.org/security-improvement/practices/p053.html The book by Zwicky, Cooper and Chapman (see the references in my writeup on class projects) has plenty of details.

This is only a sprinkling of topics that I found interesting. If you need more information on any of these topics, feel free to drop by my office at ITB 106.

Hope this helps!.

Thanks,

Kartik