02230 - Data Security, Autumn 2005.
Examination Projects
In this course, you must write a final report on a chosen topic
instead of sitting an ordinary written exam. You can choose any one
of the following tasks as the topic for your report. You may work
alone or in groups of two. When you have chosen which task you want
to do, send an e-mail with "02230 examination project" in the
subject to Christian D. Jensen,
saying who you are (your name(s) and student number(s)) and which task
you have chosen.
Your report must be handed in on Monday 12 December
2005 at 16.00 at the latest. Please hand in two copies. Reports
may be sent by ordinary mail (addressed to one of the course teachers)
or left in one of the "mailboxes" marked 02230 in the entrance to
Building 322. Don't forget that the examination regulations require
you personally to sign your report!
Rules
Your report is expected to be a full report on the topic you have
chosen, including:
- An introduction, explaining the aim and scope of the task.
- A number of technical sections, describing your solution.
- A conclusion, which summarises the main points and results.
- A list of references.
If you wish to include extensive program documentation, reference
material, test output or program source code, you are recommended to
include it as an appendix.
Each group must produce an independent solution to the chosen problem.
Although you are encouraged to look on the Internet for relevant
information, you must give a clear reference to the source of any
material which you have not written yourself, which you actually
include in your report.
Links have been provided for some of the project proposals. These
links have been provided as a starting point and should not be
considered an exhaustive list of relevant information.
Evaluation
The report will be evaluated by the course teachers together with an
external examiner. The final report counts 70% towards your final
grade in the course, while the mandatory lab exercises count 30%.
Grades will be on the 13-scale.
Queries
There will be a general opportunity to ask questions about the report
tasks on Wednesday 16 November. If you have questions about specific tasks,
you are advised to contact the teacher who set the task directly. The
relevant teacher is indicated by his initials:
A. Security in Intelligent Houses (CDJ)
A number of technologies have been proposed for intelligent houses,
which will allow heating, lighting, alarms and appliances to
communicate with each other and provide a unified profile, e.g.,
lights are dimmed in the living room and off in the rest of the house
when the family is watching TV together, at the same time the
temperature is lowered a few degrees outside the living room. Identify
general security issues that arise in intelligent houses focusing
particularly on the information and communication technologies
required to build intelligent houses, e.g., communication technology
(wired or wireless), sensor technology, authentication (key
management), etc. Analyse the security issues identified above,
identify threats and propose appropriate countermeasures that can be
implemented in the home environment. You may find inspiration in the
scenarios defined on the scenarios page linked below.
Links:
http://www.smart-house.dk/flash.htm
http://www.zen-sys.com (click on the Z-Wave Demo).
http://www.imm.dtu.dk/~cdj/SmartHouseWebSite/scenarios.html
B. Security and Privacy for Biometric Passports (CDJ)
In the fight against terror, the European Commission has decided that
biometric information should be included in a chip in all visas and
passports issued by the European Union. Perform an assessment of both
security and privacy implications of the introduction of biometric
passports. The security assessment must include an assessment of the
individual technologies applied in a biometric passport (biometric
readers, RFID tags, etc.) as well as an assessment of the overall
system and whether it is likely to achieve its goal. The privacy
assessment should look at the possibility of reading personal and
biometric information from the RFID chips in the passport and assess
the implications for the privacy of citizens in countries that introduce
biometric passports.
Links:
http://www.statewatch.org/news/2003/sep/combiometrics.pdf
http://www.icao.int/mrtd/biometrics/intro.cfm
http://www.gao.gov/new.items/d03174.pdf
http://www.gao.gov/new.items/d031137t.pdf
http://www.lse.ac.uk/collections/pressAndInformationOffice/PDF/IDreport.pdf
C. Privacy in RFID Systems (CDJ)
Small RFID tags, which can be scanned at a distance, will increasingly
replace barcodes in supply chain management (SCM). Currently it is the
responsibility of the retailer to ensure that the tag is disabled at
the point of sale, which does not always happen. Moreover, there are
interesting applications that will be possible if RFID tags remain
enabled after the point of sale, e.g., managing deposits for bottles
and cans, general waste management, location services for the owner of
a product, etc. Perform a survey of existing proposals for privacy
enhancing RFID tags and assess the impact on consumer privacy if RFID
tags remain enabled. You should consider both the case where no privacy
enhancing technologies are applied and each of a selected subset of
the technologies surveyed above.
Links:
http://www.epic.org/privacy/rfid
http://lasecwww.epfl.ch/~gavoine/rfid/
D. Wireless networks for Health-care Applications (RIS)
A lot of modern health-care functions make use of devices connected by
wireless networks, either based on one of the IEEE 802.11 protocols or
on Bluetooth. Two examples are:
- An apparatus for measuring blood-pressure and blood oxygen
content for a single patient may be connected to a central computer
(which perhaps can communicate with a central patient database) via a
wireless network. The central computer can handle several such pieces
of apparatus (on different patients) at the same time.
- A health worker who is visiting a patient at home may carry a
hand-held computer (a PDA or similar), which via a wireless link can
collect the patient's medical data, medication requirements and
other information from a central database at the local health centre.
Discuss the security requirements for such systems, bearing in mind
the legal requirements for protection of personal information, and
the security risks associated with the use of wireless networks. If
time allows, you should make a proposal for how to avoid security
problems in such systems.
E. Secure operating systems (RIS)
In standard operating systems, there is usually a special privileged
user, known as the Superuser or root (Unix) or the Administrator
(Windows), who has universal privileges. This can lead to security
breaches, if a normal user is able to obtain Superuser privileges by
exploiting a vulnerability or by any other means while the system is
running.
One technique proposed for increasing security is to introduce a
stratified system, in which there are several levels of privilege.
You are to analyse a system which uses this principle, such as LIDS or
SE-Linux, and explain why it is secure. The analysis should, if
possible, be based on a formal model of security, such as the
Harrison-Ruzzo-Ullman (HRU) model described in Pfleeger and Pfleeger.
(HRU's original analysis of Unix security could be used as a starting
point.)
F. Intrusion Resistance Evaluation (RIS)
Make an investigation of a computer system to which you have access,
with a view to determining how resistant it is to intrusion by
unauthorised persons. You should analyse as many aspects of intrusion
as possible, including misuse of the password system, poor network
security and openness to known exploits. You should make use of
available methods of security analysis, including available tools for
security evaluation.
Note: If you wish to do this project, you must obtain written
permission from the managers of the system which you are
evaluating. You should discuss the wording of this permission with
the teachers on the course.
G. Secure Workflow Systems (RIS)
In an electronic workflow system, documents are handled in accordance
with a so-called workflow description, which specifies how a
given document is to be passed round between relevant persons in the
course of some activity, such as a business process. Many software
systems for business support, such as ERP systems, use workflow
descriptions in order to describe the internal processes within a
company.
In this project, you are required to discuss the security
requirements in such a system, to discuss the threats which have to be
counteracted, and to make proposals for how to meet the requirements
in the presence of these threats. The discussion should cover not
only traditional IT security requirements such as confidentiality (for
example, that only relevant persons can read a particular document),
integrity and availability, but also requirements such as
non-refutability (for example that a person cannot deny having handled
a particular document).
H. Efficient Crypto on Sensor Networking Platforms (SCA)
Recently, a number of sensor networking platforms have been developed
for civilian and military applications. Some cryptographic primitives
have recently been proposed to enable efficient and low-cost
encryption on these devices. Your task is to review these solutions
and to come up with an analysis and comparison of the proposed
approaches.
Links:
http://www.xbow.com
I. Secure Data Aggregation in Sensor Networks (SCA)
Recently, a number of sensor networking platforms have been developed
for civilian and military applications. Because of their low-cost
design, the sensors can be compromised by attackers. Your task is
to design a data aggregation system resilient to the capture of k (out
of n) sensors. The goal of this aggregation system is to gather
correct readings of some environmental value (e.g., moisture),
assuming that there is some redundancy in the readings (the sensor
density is higher than that required to collect the readings).
Links:
http://www.xbow.com
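As an illustration of the kind of resilience task I asks for, the following is an added example (not part of the course material) showing why a plain average is the wrong aggregate when up to k of n sensors may be captured, and how a k-trimmed mean or median keeps the aggregate inside the range of the honest readings. The readings, the number of captured sensors and the tolerance used for flagging are constructed for the example; the helper names are my own.

```python
"""Resilient aggregation of redundant sensor readings (added example).

Threat model: at most k of the n sensors are captured and may report
arbitrary values; the remaining n - k readings are honest and clustered.
"""
from statistics import median
from typing import List, Sequence


def plain_mean(readings: Sequence[float]) -> float:
    """Naive aggregate: a single captured sensor can move it arbitrarily."""
    return sum(readings) / len(readings)


def trimmed_mean(readings: Sequence[float], k: int) -> float:
    """Discard the k smallest and k largest readings and average the rest.

    With at most k adversarial readings, every value that survives the
    trimming is bounded above and below by honest readings, so the result
    lies within [min(honest), max(honest)] whatever the attacker reports.
    Requires n > 2k, i.e. enough redundancy to trim from both ends.
    """
    n = len(readings)
    if n <= 2 * k:
        raise ValueError("need more than 2k readings to trim k from each end")
    ordered = sorted(readings)
    core = ordered[k:n - k]
    return sum(core) / len(core)


def robust_median(readings: Sequence[float]) -> float:
    """The median tolerates any k < n/2 captured sensors."""
    return median(readings)


def flag_suspect_sensors(readings: Sequence[float], k: int, tolerance: float) -> List[int]:
    """Indices of sensors whose reading deviates from the robust estimate by
    more than `tolerance`; candidates for revocation or physical inspection."""
    estimate = trimmed_mean(readings, k)
    return [i for i, r in enumerate(readings) if abs(r - estimate) > tolerance]


# Constructed sample: seven honest moisture readings plus two captured
# sensors (indices 7 and 8) reporting bogus extremes.
HONEST = [41.8, 42.1, 41.9, 42.4, 42.0, 41.7, 42.2]
CAPTURED = [95.0, 3.0]
READINGS = HONEST + CAPTURED
K = len(CAPTURED)          # assumed bound on captured sensors (constructed)
TOLERANCE = 1.0            # constructed flagging threshold


if __name__ == "__main__":
    print("plain mean   :", round(plain_mean(READINGS), 2))
    print("trimmed mean :", round(trimmed_mean(READINGS, K), 2))
    print("median       :", robust_median(READINGS))
    print("suspects     :", flag_suspect_sensors(READINGS, K, TOLERANCE))
```

The trimmed mean needs n > 2k, and the median needs k < n/2; both conditions are exactly the redundancy assumption in the task statement, so a design should state the k it tolerates and reject aggregation rounds where too few readings arrive.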
J. Advanced Encryption Standard (RRH)
Give a detailed account of the AES crypto-algorithm and implement it
in one of the following languages: Standard ML, O'Caml, MatLab, or VHDL.
Other "non-standard" languages may be negotiated with the course
teachers. Standard languages, e.g., C, C++, and C#, will not be
accepted. The report should describe considerations about the efficiency
of the implementation and give a critical assessment of the performance
obtained. Furthermore, the report should discuss the advantages and/or
disadvantages of using a non-standard language with regard to the correctness
and soundness of the implementation.
K. Tools for Secure Programming (RRH)
Install and evaluate a small number of advanced research tools for
secure programming. The evaluation must include exercising the tools
on non-trivial programs and non-trivial safety and security properties.
The report must include a comparison of the tools with respect to,
at least, ease of use, flexibility, power and usefulness. The
specific tools and non-trivial test programs are subject to specific
approval by the course teachers.