Project Ideas

You are highly encouraged to come up with your own ideas and topics for the term project. Here’s a list of some term project ideas for your inspiration. Your specific project proposal still requires specific details about what exactly you will do before it can be approved by the course staff. Also, we prefer that groups work on somewhat distinct topics.

Attention: Look for models and inspiration, but make sure you do not repeat the exact topic of one of the previous 442 projects.

Specific project ideas (discuss details with Kosta as early in the term as possible)

  • Security analysis of PayByPhone parking solution (formerly Verrus), as it’s provided via Android, iPhone, and/or BlackBerry apps. To get up to speed with the project, see two reports on Verrus security analysis from 412 groups in 2008 and 2010.
  • Analyze user habits in selecting passwords using the dataset of Hotmail passwords leaked recently.
  • Security analysis of anti-theft engine immobilizers for cars.
  • Security analysis of http://terracorps.com.
  • Usability evaluation and comparison of “Protecting Confidential Data on Personal Computers with Storage Capsules” with other approaches
  • Security analysis of Padlock hard drive using brute-force (http://www.macworld.com/article/142370/2009/08/padlock.html?lsrc=rss_news)
  • Usability analysis of Android security dialogs with the user
  • Usability analysis of the personal firewall in Mac OS Snow Leopard
  • Implement a Program to Measure the Amount of Randomness Available in a System
    Many systems assume a source of randomness to generate cryptographic keys. Without a source of good randomness, keys are extremely easy to guess. The default Linux® random number generator gathers randomness from IDE disk events and mouse/keyboard I/O. On headless server machines with SCSI disks locked in hosting centers, there may be little or no randomness. Can you measure the effectiveness of random number generation? Can you develop a suite of tests to determine how fast randomness is exhausted?
  • Security Analysis of Electronic Postage Systems
  • Design and implementation of a system for keeping personal content outside of online social sites.
    Description:
    In most social networking sites, when you upload some content (photos, videos, etc.), it becomes the “property” of that site; i.e., the site operators can archive your content indefinitely (e.g., photos are not deleted when users delete them), share it with anyone they like, and sell it or make money from it in whatever ways they can. To mitigate this, Mohammad Mannan proposed this simple idea:
    What if users could host their web content on their own machines (even on home routers, many of which run a web server by default, or in any other personal space such as a school account), and use social networking sites for sharing the “links” to their content? Technically and legally, users would retain their content rights, and site operators could not assume “ownership” of user content, or at least of most of it. Implementation challenges are not that many (nowadays you can even make Firefox act as a web server); the biggest is coming up with a usable solution for running a web server and sharing content from it. A Facebook app may also be needed to make it work.
  • Study of the perception of trust issues among friends in social networks such as Facebook.

General themes that need to be narrowed down into a very specific idea

  • Usable security
  • Law and security
  • Economics of security
  • Economics and security
  • Peer-to-Peer security
  • Anti-Spam techniques
  • Anti-phishing techniques
  • A Secure media distribution framework
  • Security of Wireless Networks and Mobile Devices
  • User Authentication in Cryptographic File Systems
  • Steganography in Spam
  • Proactive Cryptography Applications in Smart Cards
  • Execution-Based Software Protection
  • Steganography in TCP timestamps
  • Rethinking Software Piracy: Active Software Rights Verification for Effective Control of Piracy
  • Reputation-Based Certificate Authorities
  • Cookie authentication
  • Analyzing security of the UBC wireless network
  • Threshold Signatures and Open Source
  • Honeypots
  • Identity Theft
  • SmartCards security
  • Payment via GSM Mobile phones
  • Digital Multimedia Copyright Protection
  • Security of Network Attached Storage
  • Software security
  • Intrusion Detection Systems
  • Cellular Telephone Security
  • A Computer Testing System
  • Copyright Protection Mechanisms in DVD + DIVx
  • Network Access Controls
  • Digital Money—Fault Tolerant Multibank System
  • Security Policy Models
  • A Random Number Generator
  • Impact of Quantum Theory on Cryptography
  • Secure Electronic Wallet Technology
  • Preventing Media Piracy
  • Secure Electronic Poker
  • A Study of SSH
  • ATM: A Trusted Machine?
  • Secure Mobile Code Framework
  • Pseudonyms and Credential Transfer
  • Electronic Payment Schemes
  • Computing with Encrypted Data
  • Receipt-Free Secure Elections