• Checkpoint 1: Problem Statement: Due November 29th, 11:59PM ET.

  • Checkpoint 2: Working Code and Data Analysis Due: December 7th, 11:59PM ET.

  • Completed Presentation: Due: Saturday, December 10th, 11:59 PM ET

1. Project Goals

  • Identify and articulate a specific and concise problem statement on a security topic to research.

  • Build your skill set based on your understanding of core networking topics, and apply them to real-world security problems, through implementation, data analysis or literature review.

  • Give a 10-minute presentation on the topic of your choice.

2. Overview

In this lab, your group will investigate a security topic in depth, and should be able to convey what you learn through a small implementation, a simulated attack, or a literature review of a problem you’ve investigated in lab.

  • You can choose from a very broad range of projects, but your project must have a main focus on Security Systems. There should be a high-level question that you frame and answer through your project.

  • You can come up with your own project idea or start with one of the suggestions below. Any of the following suggestions will function as just a starting point for a project idea, and are not fully investigated concepts. As a result, all of them will require some background investigative work and further definition of the problem you are solving and how you plan to solve it.

3. Getting Started

You should begin with a general idea of the problem you want to look at, then do one or more of the following:

  • a literature search of related work

  • a look at related projects to get some ideas of what has been done

  • a survey of what some approaches are to solving your problem.

It is fine to do a project whose goal is to reproduce other researchers’ results, and/or to compare different, already developed, approaches to a particular problem.

You can work in groups of 2 to 3. If you would like to change your group membership, please send me an email with all of your group members.

3.1. Your Project Starting Point

Log into CS88 Github for our class and get the ssh-URL to your lab git repository. Follow along with the prompts below to SSH, create a lab directory and clone your lab repos.

# ssh into our lab machines
ssh yourusername@lab.cs.swarthmore.edu

# cd into your cs88/labs sub-directory and clone your lab repo
cd ~/cs88/labs
git clone [your-ssh-URL]

# change directory to list its contents
cd project-user1-user2

# ls should list the following contents
ls
README.md  data-analysis/  lab-extension/  lit-review/  presentation/  problem_statement.md

You should find the following files and directory structure in your Github repositories.

  • There is no starting point code, since your group will decide on the kind of project you plan to implement.

problem_statement.md is due for Checkpoint-1.

  • There are three folders for each of the project options: data-analysis/ lab-extension/ lit-review/. You should only need one of these folders, depending on the project you choose.

    • Within each project folder, feel free to add more folders to keep your Github repo organized. The lit-review/report.tex only needs to be submitted if you plan to do a literature review.

Your working lab-extension/data-analysis and a complete lit-review are due for Checkpoint-2.

  • Finally, there is a presentation folder that should contain your presentation. You should push presentation-username1-username2.pdf of your presentation here.

The final deliverable is your presentation.pdf.

4. Deliverables

  • Checkpoint 1: Complete and submit problem_statement.adoc.

  • Checkpoint 2: Submit your code and results, or submit your report. Your final report should be named Report-username1-username2.pdf.

  • Final Project: Your completed presentation.

5. Project Ideas

There are three categories of projects that you can choose to implement.

5.1. Projects based on lab extensions

The projects in this list are based on lab extensions.

If you choose a project from this list of lab extensions, send me a private edstem post and I will push starter code to your Github repo.

  • Since these might involve some new ways of working through labs, we can go over your design choices and the functions you would need to get started with implementation.

  • With these projects, your presentation should describe what you have done in your previous and related labs, and tie it in with the current lab, and relate your work to real-world vulnerabilities and attacks.

Software Security

  1. Return-to-libc attack: A canonical exploit of a buffer-overflow vulnerability is to overflow the buffer with malicious shellcode, and then cause the vulnerable program to jump to the shellcode that is stored on the stack. To prevent these kinds of attacks, most operating systems make the stack non-executable, making such attacks infeasible.

    Unfortunately, this protection is not foolproof: the return-to-libc attack does not need an executable stack, and it does not even use shellcode. Instead, it causes the vulnerable program to jump to some existing code, such as the system() function in the libc library, which is already loaded into memory.

  2. Format string vulnerability attack: A format-string vulnerability is caused by code like printf(user_input), where the contents of the variable user_input are provided by users of the program. Malicious input can do the following: (1) crash the program, or (2) read or modify arbitrary memory.

    • For each of these projects, your final presentation should be able to explain the vulnerabilities and the defenses that prevent the buffer-overflow attack in Lab 1, and relate them to the attack of your choice above.

Cryptography

  1. Hash extension attack: The hash extension attack is an attack on Message Authentication Codes. Here, we assume that a client and server share a symmetric key. The server expects a MAC argument in the request. This MAC is calculated insecurely by concatenating the key and request arguments. Now, an attacker can intercept a client request to a server, expand the message, and calculate a correct MAC without knowing the key. Your task is to use this vulnerability to attack a server program and additionally, fix the server vulnerability in MAC generation by using HMACs instead.

In your final presentation, present your attack in the context of the other labs on symmetric-key cryptography that you’ve attempted in the course.
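The MAC fix described in the hash extension project, as an added example (not part of the course's starter code): the insecure H(key || args) tag beside HMAC-SHA256 written out from its RFC 2104 definition, plus a server-side check that verifies the tag before parsing. The key, the argument names and all function names are constructed for illustration.

```python
import hashlib
import hmac
from typing import Optional
from urllib.parse import parse_qsl

BLOCK = 64                        # SHA-256 block size in bytes
KEY = b"constructed-demo-key"     # constructed sample key, not a real secret
SAMPLE_ARGS = "uid=1001&cmd=list" # constructed sample request arguments

def weak_mac(key: bytes, args: bytes) -> str:
    """Insecure tag from the lab description: H(key || args)."""
    return hashlib.sha256(key + args).hexdigest()

def hmac_by_definition(key: bytes, args: bytes) -> str:
    """HMAC-SHA256 per RFC 2104: H((K ^ opad) || H((K ^ ipad) || args)).
    The outer hash consumes a fixed-length inner digest, so the published
    tag is not the hash state of anything a client can append data to."""
    if len(key) > BLOCK:
        key = hashlib.sha256(key).digest()
    key = key.ljust(BLOCK, b"\x00")
    ipad = bytes(b ^ 0x36 for b in key)
    opad = bytes(b ^ 0x5C for b in key)
    inner = hashlib.sha256(ipad + args).digest()
    return hashlib.sha256(opad + inner).hexdigest()

def sign_request(key: bytes, args: str) -> str:
    """Client side: append an HMAC-SHA256 tag over the raw argument bytes."""
    tag = hmac.new(key, args.encode(), hashlib.sha256).hexdigest()
    return f"{args}&mac={tag}"

def verify_request(key: bytes, query: str) -> Optional[dict]:
    """Server side: return the parsed arguments if the tag is valid, else None.
    The tag is checked over the raw bytes before any parsing happens."""
    args, sep, tag = query.rpartition("&mac=")
    if not sep:
        return None  # request carries no mac argument
    expected = hmac.new(key, args.encode(), hashlib.sha256).hexdigest()
    # Compare as bytes in constant time; a non-ASCII tag must not raise.
    if not hmac.compare_digest(expected.encode(), tag.encode()):
        return None
    return dict(parse_qsl(args))
```

In practice only the `hmac` module call belongs in the server; `hmac_by_definition` is there to show the nested structure that distinguishes it from `weak_mac`.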

Web Security

  1. CSRF and Clickjacking attacks: These attacks extend the SQL and XSS labs from Lab 2a and Lab 2b.

    • Recall that in a CSRF attack, the victim holds an active session with a trusted site while visiting a malicious site. The malicious site injects an HTTP request for the trusted site, carrying the victim’s session cookies, which then executes on the trusted site without the victim’s knowledge. For this extension, you can use the Elgg social networking site we set up for the XSS attacks in Lab 2.

    • Clickjacking is an attack that tricks a user into clicking on something they do not intend to when visiting a webpage, thus "hijacking" the click. In this extension, we will explore a common attack vector for clickjacking: the attacker creates a webpage that loads the content of a legitimate page but overlays one or more of its buttons with invisible button(s) that trigger malicious actions. When a user attempts to click on the legitimate page’s buttons, the browser registers a click on the invisible button instead, triggering the malicious action.

Network Security

  1. Enhance the DNS infrastructure using DNSSEC: DNSSEC is a set of extensions to DNS that aims to provide authentication and integrity checking of DNS data. With DNSSEC, all the answers from DNSSEC-protected zones are digitally signed. By checking the digital signature, a DNS resolver is able to check whether the information is authentic or not. With DNSSEC, DNS cache poisoning attacks can be defeated. In this project, you will be provided with a miniature DNS system developed with DNSSEC. Your task is to configure each of the nameservers so that they all support DNSSEC.

  2. Launch the Kaminsky attack, a DNS cache poisoning attack: This is a remote DNS cache poisoning attack. Unlike the DNS rebinding attack, here the attacker is not on-path, and cannot sniff packets over the same local area network. Assuming DNSSEC is not enabled, your task is to poison the DNS cache and misdirect users to visit malicious destinations by changing the hostname-to-IP mapping.

  3. Launch attacks on TCP (the Mitnick attack): The Mitnick attack is a type of TCP session hijacking attack that spoofs TCP session sequence numbers to gain access to a remote system. Read up on the full attack here.

5.2. Dataset Analysis, Attack Detection and Prevention based on real-world measurements

The projects in this list are based on data analysis of real-world network measurements. These projects will involve (a) understanding and parsing the formats of these datasets and what the data represents, (b) experimenting with how to visualize data, and (c) replicating existing results, or using ML or AI algorithms to learn patterns in the data and/or find anomalies in the data.

Here is a non-exhaustive list of project ideas:

Tips that might help

5.3. Literature Review Projects

The projects in this list involve an in-depth analysis of a specific research topic related to Security. This would have little or no implementation and testing, but would involve an in-depth literature investigation of a topic and an in-depth written report on what you learned that would include an extensive bibliography (10 - 12 references).

You can choose any sub-topic from the list of topics we covered in class, a topic of your choosing, or one of the topics below. Note that these topics are just broad ideas; you will need to find a well-scoped smaller sub-topic within these (many exist for each topic!).

  • Botnets

  • Underground economies

  • Privacy

  • Usable Security

  • Government oversight: Implications for security and privacy

  • Cyber-warfare

  • Privacy and ethics

7. Grade

This project will count for 7% of your grade.

Your grade is not based on how novel your results are, but rather in your ability to convey your understanding of the problem, and how to properly frame and analyze your discussion or experimental results.

The final grade for this project is based on:

  • the execution of the lab experiment / cohesiveness, clarity, and completeness of your data analysis / literature review.

  • communication clarity and presentation clarity (label all figures, clear section titles, etc).