SNE Master Research Projects 2011 - 2012

Wednesday Sep 21 2011, 10h15: Introduction to the Research Projects.
Nov 24, 2011, 15h00: Detailed discussion on finally chosen subjects for RP1.
Monday Jan 9th - Friday Feb 3th 2012: Research Project 1.
Friday Jan 13th: (updated) research plan due.
Tuesday Jan 17, 16h00: possibility for students to discuss problems/progress in OS3 Lab.
Wednesday Feb 8th 2012: Presentations RP1 in B1.23 @ Science.
Monday Feb 13th 9h00: RP1 - reports due

RP2:

Wednesday may 9, 2012, 10h00, B1.23 Detailed discussion on finally chosen subjects for RP2.
Monday Jun 4th - Friday Jun 29th (or Jul 6th) 2012: Research Project 2.
Friday Jun 8th: (updated) research plan due.
Monday Jun 18, 16h00 possibility for students to discuss problems/progress in OS3 Lab.
Thursday Jul 5th 2012: Presentations RP2 in C1.110 @ Science.
July 6th: RP2 - reports due (preferably not much later as holidays interfere).

Projects

Here is a list of student projects.

Find here the left over projects from last year.
and here from this year: leftOvers.

In a futile lightweight way to prevent spam
I replaced "@" by "=>" in the table.

Color of cell background:

*	darkest red = currently chosen project.
*	Light blue = project plan received.
*	Light green = presentation received.
*	Dark green = also report received.
*	Darkest green = completed project.
*	Light purple = confidentiality was requested.
*	Dark purple = presentation in june.

#	title summary	supervisor contact students	R P	1 / 2
4 N	Traffic anomaly detection using a distributed measurement network. This research focuses on the relationship between traffic anomalies and the data collected by the RIPE Atlas measurement network. Two distinct vectors of research are used: first, a ground-truth search which looks to see in what degree real-life network events reflect in the RIPE Atlas data, and second, the collected data is analyzed to find the time and location where several probes' measurements in a certain network or geographical area yield abnormal results. The ground-truth events searched are not found with a good degree of confidence in the Atlas data and the possible reasons are detailed in the paper. The data analysis uses control charts to map the deviations from the mean of each probe. Two methods for aggregating the results in a certain area are then proposed.	Emile Aben <emile.aben=>ripe.net> Razvan Oprea <Razvan.Oprea=>os3.nl>	R P	1
6 N	Advanced Metering Infrastructure. An advanced metering infrastructure (AMI) is a system of networked devices, e.g. smart (electrical) meters, and forms the basis of a so-called Smart Grid. With a Smart Grid it is possible, e.g. to match energy consumption to green energy production by, e.g., (externally) managing domestic devices, provide personalized services to consumers and even allow consumers to become suppliers of energy. For this to work requires real-time, up-to a minute, bi-directional communication between the networked devices and a robust and scalable communication network. This project consists of a literature study and designing a advanced metering infrastructure. The aim of the literature study is to explore the available smart metering technologies and to determine which of these technologies allow to build a robust, scalable and future proof Smart Grid. This is then followed by developing an architectural network design of a Smart Grid for the chosen technologies. Implementing the AMI design in a toy Monte Carlo simulation is also a possibility.	Jan Amoraal <amoraal.jan=>kpmg.nl> Vic Ding <vic.ding=>os3.nl>	R P	2
8 SN	CDN Interconnection Interconnect two CDNs (Content Delivery Networks) at TNO. The interconnection should feature at least pull-based content distribution from the Upstream CDN to the Downstream CDN, and the inter-CDN request routing to get a video file delivered from the Downstream CDN to a video client. Architecture study of CDN's. http://tools.ietf.org/html/draft-watson-cdni-use-cases-00	Ray van Brandenburg <ray.vanbrandenburg=>tno.nl> Bastiaan Wissingh <Bastiaan.Wissingh=>os3.nl>	R P	2
9 SN	Automatic end-host configuration. In most networks there is a DHCP server running to manage the address-pool. Using DNS and registration it is possible to dynamically use services. In circuit-based networks this is different. Usually a circuit spanning the globe is formed between two or more nodes that need to transport a dataset, movie-files, or perform calculations together. These nodes work together for a short period of time, and then the circuit is torn down. These networks are separated from the Internet, so there is no DHCP server, or DNS. Many gadgets already support dynamic discovery in any kind of network and service discovery is also possible in printers, or applications such as iTunes. This research project is about examining options to do address management and service discovery for end hosts in a cross-platform way. A starting point could be http://staff.science.uva.nl/~fdijkstr/publications/Link_Local_Addressing.pdf	Jeroen van der Ham <vdham=>uva.nl> Sebastian Dabkiewicz <sebastian.dabkiewicz=>os3.nl>	R P	1
13 S	Distributed Password Cracking Platform. Cracking of password hashes has many reasons. During IT audits we crack to test the effectiveness of a password policy, and during security tests we crack to further penetrate into a network. KPMG IT Advisory performs both assignments continuously and password cracking is a day-to-day activity. In order to fulfill the demands of our team to crack passwords we have a setup that consists of a CPU cluster and a GPU box. The cluster consists of ~70 CPU’s (john-MPI) with an easy to use interface for the pentesters to upload the hashes and get the results. The GPU box (5 GPU cards, many different tools) is used for specific cracks when GPU power is faster. This setup was created about 18 months ago, and has served us good in that time. However, we see opportunities that we are not using. The current setup can be further optimized, but also we would like to further integrate the GPU power into the cluster. We would like students to research how we can further extend the current setup. Key components in this research are: Cracking strategy: research cracking strategies that combine CPU and GPU cracking, dictionary, brute force and rainbow table cracking for a fixed set of hash types (to be defined) Extending cracking functionality: research ways of extending the current john-mpi cluster with nodes and tools for GPU and rainbow table cracking Integration of the two: research ways of integrating the researched cracking strategy into the newly extended cluster, in such a way that the cluster chooses the best strategy for the current load of the cluster and on the amount and type of uploaded hashes. The research is an example of combining skills of system and network engineers and with the skills of security testers. Research at KPMG IT Advisory can be challenging. We strive for the best results and therefore invest a considerable amount of time in you, to help you achieve the best. But to succeed together we require fully determined students that would like to go the extra mile. The RP topics as stated on the website are fixed but we are open to changes in the exact research approach if the student prefers. We encouraged students to come up with own ideas and approaches. During the short intake interview your are invited to bring your ideas and approaches to the table. We use the intake to select the students who will get the opportunity to perform their research project at KPMG.	Marc Smeets <smeets.marc=>kpmg.nl> Dimitar Pavlov <dimitar.pavlov=>os3.nl> Gerrie Veerman <Gerrie.Veerman=>os3.nl>	R P	1
14 S	Integrating DMA attacks in exploitation frameworks. It has been several years since the first research and tooling on firewire attacks; exploiting the use of direct memory access to read and write memory on desktops and laptops. The vulnerability is still there and several new technologies have come around that - in theory - may be prone to the same type of attack. We want students to further research this. Steps in the research can include: 1 Research the possibilities of this attacks on new techniques, e.g. Thunderbolt, HDMI, eSATA. Take into account that having DMA access in theory allows for the attack to happen. But there may be several practical issues that prevent the attack from happening (OS security measures, master-slave election in the bus unable to bypass, secure signing of devices connecting, etc). 2 Research the extend of the attack. The most common 'exploit' has been bypassing the logon screen and searching the memory for keys/passwords. But what kind of other attacks can you think of? 3 Create a Proof of Concept in one of the following ways: Design/create a software component that can be used for such attacks. The proof of concept should be modular to allow different I/O techniques to be included, and preferably should be integrated in the Metasploit framework. Design/create an 'Evil Docking Station', a docking station that - whilst looking normal - can attack an attached laptop via these. Research at KPMG IT Advisory can be challenging. We strive for the best results and therefore invest a considerable amount of time in you, to help you achieve the best. But to succeed together we require fully determined students that would like to go the extra mile. The RP topics as stated on the website are fixed but we are open to changes in the exact research approach if the student prefers. We encouraged students to come up with own ideas and approaches. During the short intake interview your are invited to bring your ideas and approaches to the table. We use the intake to select the students who will get the opportunity to perform their research project at KPMG.	Marc Smeets <smeets.marc=>kpmg.nl> Rory Breuk <rory.breuk=>os3.nl> Albert Spruyt <Albert.Spruyt=>os3.nl>	R P	1
18 N	Performance Analysis of OpenFlow Hardware. OpenFlow is a new network technology. it was developed at Stanford University, but is now gaining support from companies like Cisco, Juniper, Microsoft, Google and Facebook. OpenFlow is a form of software defined networking where forwarding tables are programmed into switches by applications. In this project you will define which OpenFlow feature(s) you want to investigate. This can be done on a simulator and/or with real OpenFlow hardware. Prerequisites are basic knowlegde of Ethernet (forwarding tables, flooding, VLANs, spanning tree) and some programming experience in Python or C++. Research Question here is: look at the fundamentals, performance, security, features that may be attractive. For more information see www.openflow.org and www.opennetworking.org.	Ronald van der Pol <rvdp=>sara.nl> Michiel Appelman <michiel.appelman=>os3.nl> Maikel de Boer <maikel.deboer=>os3.nl>	R P	1
19 F	Electromagnetic Fault Injection (EMFI) on System-on-a-Chips (SoC) / Smartcards. Fault injection techniques actively manipulate a side channel on a chip by applying short laser, voltage or clock cycle pulses. All of them are commonly used by Riscure to attack secure SoCs or smartcards. However, EMFI could be an interesting, unexplored and currently unused alternative. All hardware required for this project will be provided by Riscure. However, the student will be asked to fine tune the provided hardware and relevant parameters. Possible parameters are: Size of the coil used in the EM probe Placement of the EM probe on the surface of the chip (front / back) Distance of the EM probe to the surface of the chip Power applied to to the EM probe Decapsulated chip versus encapsulated chip Questions that could be answered by the research: Is EMFI feasible on embedded systems / smartcards? What parts of the SoC are influenced with EMFI? (CPU/RAM/ROM/FLASH) What are the advantages of EMFI compared to other fault injection techniques on SoCs / smartcards? What are the disadvantages of EMFI compared to other fault injection techniques on SoCs / smartcards? What is the most efficient configuration of the used EM probe? What are the limitations of the used EM probe? Useful information: http://www.riscure.com http://en.wikipedia.org/wiki/Electromagnetic_radiation http://en.wikipedia.org/wiki/Eddy_current http://en.wikipedia.org/wiki/Fault_injection	Niek Timmers <niek=>riscure.com> Sebastian Carlier <sebastian.carlier=>os3.nl>	R P	2
20 S	l/O Load Scheduler for Grid Mass Storage. l/O Load Scheduling on a high performance mass storage system. Investigating an l/O load problem and implementing a possible solution. Short description: SARA manages a high performance data storage system used, among other things, to store data from the LHC (particle accelerator in Switzerland). This system is comprised of a disk front end and a tape back end. Data is copied from a remote host to the disc cache and then stored on tape. Reading in data sets from tape to the disc cache and then transporting it back to a remote host also occurs. This process is referred to as data staging. A performance characteristic appears to be that it is either possible to read quickly from- or write quickly to the disc. Doing both simultaneously results in a much lower performance than 50%. A possible solution for this problem is the implementation of a scheduling mechanism in the staging process. The assignment is to investigate techniques for improving performance of the over-all process and developing a (prototype) solution for this problem. The assignment involves: Conducting research into the improvement of the staging process Suggesting possible solutions Implementing and documenting a prototype solution Giving a final report	Walter de Jong <walter=>sara.nl> Christos Tziortzios <Christos.Tziortzios=>os3.nl>	R P	1
21 SN	Bootstrapping the Internet of the Future. The design of the Internet did not account for network evolution. But since its existence, the Internet needed amendments to address problems or new protocols for new uses. The explosive increase of network devices and their increasing mobility currently threatens the stability of the Internet. Solutions to these problems, larger address space and keeping track of address locations, require changes to the network layer protocol. We developed an approach to simplify the development and deployment of network layer protocols. Our solution encapsulates the network layer protocol by a virtual machine: the NetApp. In this thesis work, we will develop a few NetApps, IPv6 and OpenFlow, that can grow with demand. We will show that NetApps can be deployed on many Clouds, and that automatically the needed arrangements are made, e.g. creating a VPN, configuring IP addresses. The student will show that IPv6 deployment, or any other network layer protocol for that matter, becomes a trivial task with NetApps.	Rudolf Strijkers <rudolf=>strijkers.eu> Mohammad Shafahi <mohammad.shafahi=>os3.nl>	R P	1
22 N	OpenDNSSEC. In the OpenDNSSEC project, the Enforcer is the component performing automatic DNSSEC key roll-overs. Rolling keys can be done in many ways. The upcoming Enforcer will be able to roll to a new key in most of those ways, independent of the state and amount of current keys. It makes sure no validator could see its zone as bogus or insecure. In order to do these any-to-any roll-overs we described the validity of a zone in a formal way. We don't expect our users to grasp the mathematical definition, but they want to know what will happen in the future. We would like to have a program that, given a configuration file, outputs a textual or graphical time line showing which resource records are published in what order, and when. The challenge is not limited to programming -contrary to the users- you will have to grasp our formal definition (and DNSSEC).	Yuri Schaeffer <yuri=>nlnetlabs.nl> Alex Kasabov <aleksandar.kasabov=>os3.nl>	R P	2
23 F	Camera Identification on YouTube. Identifying cameras used in YouTube videos by matching noise patterns. Netherlands Forensics Institute.	Marcel Worring <m.worring=>uva.nl> Zeno Geradts <zeno=>holmes.nl> Yannick Scheelen <Yannick.Scheelen=>os3.nl> Jop van der Lelie <jop.vanderlelie=>os3.nl>	R P	1
24 F	Ranking of manipulated images in a large set using error level analysis. One form of image manipulation is particularly interesting to the NFI and is called the copy & move [8] technique. The copy & move technique applies to adding or removing objects to or from an image. The error level analysis (ELA) [5] image manipulation detection technique is particularly effective in detecting this kind of forgery. ELA makes use of some of the properties of lossy image formats [4] to detect differences in quality levels between the original image and potentially modified parts within that image. The research focuses on determining whether the ELA technique can be used to, automatically, rank images in a large dataset based upon the likelihood of manipulations being present. By ranking a set of images, the dataset could potentially be reduced and in turn reduce the total amount of work needed to process the images..	Marcel Worring <m.worring=>uva.nl> Jeffrey Bosma <Jeffrey.Bosma=>os3.nl> Daan Wagenaar <daan.wagenaar=>os3.nl>	R P	1
25 N	OpenFlow. OpenFlow is a new network technology. it was developed at Stanford University, but is now gaining support from companies like Cisco, Juniper, Microsoft, Google and Facebook. OpenFlow is a form of software defined networking where forwarding tables are programmed into switches by applications. In this project you will define which OpenFlow feature(s) you want to investigate. This can be done on a simulator and/or with real OpenFlow hardware. Prerequisites are basic knowlegde of Ethernet (forwarding tables, flooding, VLANs, spanning tree) and some programming experience in Python or C++. Research Question: implement spanning tree alike protocol in a network of switches. For more information see www.openflow.org and www.opennetworking.org.	Ronald van der Pol <rvdp=>sara.nl> Iwan Hoogendoorn <Iwan.Hoogendoorn=>os3.nl> Joris Soeurt <joris.soeurt=>os3.nl>	R P	1
26 FS	Content grouping algorithm. GOVCERT.NL constantly monitors hundreds of web sources to acquire more insight into current threats. A 24/7 watch tool scans the internet for digital threats and vulnerabilities in software and operating systems. Based on the acquired information, GOVCERT.NL publishes various products. We designed a tool called Taranis to support the work flow of this task. Every day, we check approximately 900 sources. Relevant news items and e-mails are analyzed. The task of analyzing news items could be greatly reduced by automatic grouping of similar news items. Google News uses a proprietary algorithm to perform such a task. Developing software to detect similar news items is not a straightforward task. Investigate previous work done on this subject and develop an open algorithm for content grouping. A working proof-of-concept would be a pre. Integrating such algorithm in Taranis is not a part of this project. More general information about Taranis: http://www.govcert.nl/english/service-provision/ICT+risk+alert/taranis	Bart Roos (GOVCERT.NL) <bart.roos=>govcert.nl> Jop van der Lelie <jop.vanderlelie=>os3.nl> Rory Breuk <Rory.Breuk=>os3.nl>	R P	2
29 N	DNS-Based Authentication of Named Entries (DANE). The DNS-Based Authentication of Named Entries (DANE) extension for the Domain Naming System (DNS) is currently being drafted by the IETF. This allows for inserting Secure Sockets Layer (SSL) and Transport Layer Security (TLS) certificates [1] (or their fingerprints or public key) into DNS using so-called TLSA resource records. By using the existing DNS Security Extentions (DNSSEC) chain, this data can be proven to come only from the administrator of the DNS zone [2]. Thereby validating the certificate. This project aims to identify the amount of current certificates that could experience problems, and how these could be prevented or mitigated, when deploying DANE. The Electronic Frontier Foundation (EFF) has a collection of all certificates and certificate chains found on the Internet. A subset of these will be used to create TLSA records with different options set, these will then be validated. Another item that could be researched is the implementation of the current specification (version 12) in DNS authoritative and recursive servers and how they handle certain situations, e.g. CNAME records (aliases) and multiple of the same TLSA records.	Bert Hubert <bert.hubert=>netherlabs.nl> Pieter Lexis <pieter.lexis=>os3.nl>	R P	1
30 SN	Securing an outsourced network: Detecting and preventing malware infections. With the rise of outsourced IT service management, client security is increasingly difficult to manage for IT security departments. Outsourced IT may comply to internal security standards, but often there is a mismatch between the security standards of the service provider and the client. IT requirements may change quickly due to technical and business evolution, but service level agreements and other contracts remain static over time. This situation may result in a situation where clients run old and insecure configurations. Another upcoming trend with bigger security management challenges is the 'bring your own device' concept. User's may bring and use their own device to connect to the business IT network and use it for work purposes. In these cases, the user is responsible of maintaining the device and manage its security. In both cases, there is a high risk of getting infected with malware. These infections can be caused by various causes such as drive-by downloads and rogue applications that are installed by users. Can these malware infections be detected and prevented from within the infrastructure of the business that has outsourced their IT or that allows 'bring your own device'?	Ewout Meij <ewout.meij=>external.t-mobile.nl> Dennis Cortjens <dennis.cortjens=>os3.nl> Tarik El Yassem <Tarik.ElYassem=>os3.nl>	R P	1
40 SN	Green computing in IEEE 802.3az enabled clusters Energy efficiency is an important requirement for computing and communication systems. In order to construct a green computing system, we have to understand the energy consumption behavior of both the low level infrastructure and the application models. The Energy-Efficient Ethernet [1] enhancements have led to the IEEE 802.3az [2] standard which has now been adopted by several network/Telcom device vendors. However, how to achieve the system level energy saving by using the 802.3az is still a challenging issue. In this project, we will focus on the following two questions: How does 802.3az standard affect the energy consumption in Ethernet? How to schedule the application execution with awareness of 802.3az? The test bed will be a test cluster connected using a S1700 switch [3] from Huawei. The student(s) should 1) measure the energy consumption of the switch as well as the whole system using different patterns of communication loads, 2) compare the energy behavior of the communication loads between 802.3az compliant and normal switches, and 3) discover how to integrate the 802.3az features in a more general green scheduling strategy for computing. Energy Efficiency Ethernet: http://en.wikipedia.org/wiki/Energy-Efficient_Ethernet IEEE 802.3az: http://www.ieee802.org/3/az/index.html Device: http://market.huawei.com/hwgg/enterprise/u-channel/pdf/S1700.pdf	Zhiming Zhao <z.zhao=>uva.nl> Paola Grosso <p.grosso=>uva.nl> Joris Soeurt <joris.soeurt=>os3.nl> Dimitar Pavlov <dimitar.pavlov=>os3.nl>	R P	2
41 SN	Torrent monitoring & statistics. During the Easter weekend some SNE researchers performed measurements on Bittorrent traffic, specifically to find out whether the blockage of The Pirate Bay had any effect on specific ISPs. The result was a quick report to show that there was no significant effect. See: http://ext.delaat.net/news/2012-04-13/dutchpirate.pdf We would like to continue improving these measurements and the statistics calculation. We would also like to try figure out a way to perform measurements without uploading and downloading. Would it be possible to create a sort of live view? What other things should we look at when considering network transparency in the Netherlands? What tools are needed to monitor that?	Jeroen van der Ham <vdham=>uva.nl> Hidde van der Heide <hidde.vanderheide=>os3.nl>	R P	2
43 F	Security Audit Tool. As part of annual accounts IT Audits are executed to gain assurance on the integrity of the information that forms the annual statement of accounts. This information is accessible from an application layer, but also from a database layer. An audit focusses on different parts of the infrastructure to get sufficient assurance on the integrity of information. Different parts of the infrastructure are dependent on each other and because of this there is correlation possible between the different layers. This research project focusses on the correlation between different infrastructure layers and the automation of performing an IT audit. By making use of reporting tools like QlikView, we would like to create a PoC to verify if specific audit approaches can successfully be automated.	Coen Steenbeek <CSteenbeek=>deloitte.nl> Derk Wieringa <DWieringa=>deloitte.nl> Martijn Knuiman <MKnuiman=>deloitte.nl> Marc Buijsman <Marc.Buijsman=>os3.nl>	R P	2
46 N	Multipath TCP. Multipathing can be done on L3 with Equal Cost Multipathing (ECMP) or on L2 with TRILL or SPB. In these cases multipathing is usually done based on flows by calculating a hash (including e.g. Ethernet addresses, IP addresses and TCP/UDP port numbers) of the packets. Flows with the same source and distination follow the same path. This works well when the traffic has many different flows. However, in large data e-science applications there are typically only a few flows and hashing does not spread the load evenly along the interfaces in those cases. In this project two alternative technologies will be investigated: multipath TCP (MPTCP) and GridFTP. MPTCP works for all applications by spreading the application byte stream over multiple interfaces. GridFTP is an application that can use multiple interfaces to FTP an file from A to B. Students will evaluate and compare the performance of both technologies (separate and in combination) in a local 10GE testbed (and possibly 40GE local and 10GE wide area testbed).	Ronald van der Pol <rvdp=>sara.nl> Gerrie Veerman <gerrie.veerman=>os3.nl>	R P	2
47 N	Time Sensitive Application Transport. Time-sensitive data transport, such as that required by e-medicine or real-time video streaming, is dependent on minimal jitter and delays. There is an ongoing discussion in the NREN community as to which base technology, TDM or packet, is best suited for time-sensitive datatransfer. In addition, all NSI demonstration networks have been stumbling over Ethernet limitations in respect of switching and scaling. The community, therefore, needs to look at better technologies such as OTN, PBB and MPLS-TP for these services. Some of the typical transport vendors, such as Ciena, Alcatel-Lucent, Nokia Siemens and Huawei, are beginning to offer such services, and the main commercial service suppliers are also adopting this path. This sub-task will study which technology is best suited to handling time-sensitive data transport in various conditions, e.g. normal operation, during link failure and during high load conditions.	Cees de Laat <delaat=>uva.nl> Paola Grosso <p.grosso=>uva.nl> Erik-Jan Bos <Erik-Jan.Bos=>UvA.nl> Mohammad Shafahi <mohammad.shafahi=>os3.nl>	R P	2
53 FN	Secure online banking on unsafe computers? (combination of ABN Amro and Deloitte) When you want to use the Online Banking application of ABN Amro over the internet using an unknown or Internet café computer you will never know how safe and secure the computer and network is. Customers are interested in solutions that will allow them to perform Online Banking safely in a hostile environment. Technologies and concepts such as sandboxing could be an option to improve security, but are not always considered user friendly or secure. For this research ABN AMRO and Deloitte are interested in user friendly online solution for insecure environments that allow secure online banking. For example, how can we make sure that users can perform secure online banking while using insecure systems and networks.	Martijn Knuiman <mknuiman=>deloitte.nl> Christos Tziortzios <Tziortzios =>os3.nl>	R P	2
54 FN	Secure embedding of external content. (combination of ABN Amro and Deloitte) On many large websites the content of a website is not provided by a single server or even a single company. For companies like the ABN AMRO it is vital for the security of the website that all content comes from trusted sources. But what if you would like to incorporate data from a less trusted source? During this research project you will work together with the ABN AMRO and Deloitte to find out what kind of solutions are available to create trusted content from untrusted content. Technologies like web application firewalls, reverse proxies, virus scanning and Intrusion Detection Systems will have to be taken into account to find the best solution for the job.	Martijn Knuiman <mknuiman=>deloitte.nl> Coen Klaver <coen.klaver=>nl.abnamro.com> Coen Steenbeek <CSteenbeek=>deloitte.nl> Steven Raspe <steven.raspe=>nl.abnamro.com> Alexandre Miguel Ferreira <Alexandre.MiguelFerreira=>os3.nl>	R P	2
57 N	RIPE Atlas IPv6 measurements: Reachability and annoyances. With World IPv6 Launch on June 6th this year, we (the network community) consider the IPv6 protocol as mature and stable as IPv4 that served us well the past 20+ years. Unfortunately, transition from IPv4 to IPv6 is not as effortless as hoped for, and many smaller and larger glitches are making a painless IPv6 deployment difficult. The RIPE Atlas infrastructure offers a huge monitoring infrastructure of about 1500 probes, see http://atlas.ripe.net/. With these probes simple measurements can be instrumented to monitor the network from many vantage points. Recently, user defined experiments can also be executed on the Atlas infrastructure. In the project, student can design and analyse a number of Atlas experiments to study IPv6 reachability and problems (the annoyances), for example MTU problems and IPv6 fragments. http://www.nlnetlabs.nl/	Benno Overeinder <benno=>nlnetlabs.nl> Maikel Boer <maikel.deboer=>os3.nl> Jeffrey Bosma <jeffrey.bosma=>os3.nl>	R P	2
60 NF	Social media crawling. In the last few years, much attention has been given to the public exposure of individuals via social networks. This has lead to some awareness with end users, who have started to limit the exposure of their personal information to the (public) world wide web. However, the social networks still contain a wealth of information for third parties. A previous OS3 research project (http://cees.delaat.net/rp/2010-2011/p13/report.pdf) about this subject proved that it is possible to plot the mappings between users of different social networks, and together reveal more info. It also proofed that public data on social networks can be crawled on a large scale. But within the topic of social networks there still is a lot more to research. In this project the candidate(s) should focus on further harvesting of data from social networks via publicly available sources. One of the possibilities to do this is by the creation of zombie profiles, which are fake profiles created for the purpose of information crawling. By automating the creation of these profiles and becoming part of a friend-circle, a lot of personal information can be crawled. Another approach would be to improve the profile matching algorithm of the data crawlers created in the previous research. The exact approach will be defined in the in the first week of the project. Research at KPMG IT Advisory can be challenging. We strive for the best results and therefore invest a considerable amount of time in you, to help you achieve the best. But to succeed together we require fully determined students that would like to go the extra mile. The RP topics as stated on the website are fixed but we are open to changes in the exact research approach if the student prefers. We encouraged students to come up with own ideas and approaches. During the short intake interview your are invited to bring your ideas and approaches to the table. We use the intake to select the students who will get the opportunity to perform their research project at KPMG.	Marc Smeets <smeets.marc=>kpmg.nl> Yannick Scheelen <yannick.scheelen=>os3.nl> Daan Wagenaar <daan.wagenaar=>os3.nl>	R P	2
61 SN	Fault injection on low power embedded microcontrollers. Fault injection attacks can accomplish things that logically cannot be achieved while attacking embedded systems. At the same time is it a pre-requisite for many attacks to gain access to the code or obtain runtime control before other attacks (such as side channel analysis) can be applied. Most common microcontrollers these days include features designed to protect the internal code from extraction, which prevent access to the code for further analysis. It is expected that through fault injection these features can be circumvented. An example of such a microcontroller is the MSP430, where the code can be accessed via the JTAG or BSL interface, which both can be protected or disabled. During this project the focus will be mainly on bypassing the protection of the BSL, due to its simplicity. The goal of this project is to: create a voltage glitching setup aimed to bypass the code protection features of the MSP430 the hardware setup will be provided by Riscure the "test application" will be mainly developed by the student influence of different types of voltage glitches on the code protection features, such as: spikes to low voltage spikes to high voltage long duration threshold voltage dips gain better understanding on how and when to apply different glitch techniques succesfully bypassing the BSL protection of the MSP430 The following deliverables are requested from the student: A clear and consise scope of the project A clear description of performed tests and their results Recommendations for future testing Reference: http://events.ccc.de/congress/2008/Fahrplan/attachments/1191_goodspeed_25c3_bslc.pdf	Niek Timmers <Timmers=>riscure.com> Albert Spruyt <Albert.Spruyt=>os3.nl>	R P	2

Presentations-rp1

Wednesday feb 8th in room B1.23 at Science Park 904 NL-1098XH Amsterdam.
Program:

09h30	#	Cees de Laat	Welcome, introduction.	RP	#stds
09h35	25	Iwan Hoogendoorn, Joris Soeurt	OpenFlow.	1	2
10h00	18	Michiel Appelman, Maikel de Boer	Performance Analysis of OpenFlow Hardware.	1	2
10h25	27	Fred Wieringa	IPV6 risks and vulnerabilities.	1	1
10h45	6	Vic Ding	Advanced Metering Infrastructure.	2	1
11h05		*	Pauze
11h15	19	Sebastian Carlier	Electromagnetic Fault Injection (EMFI) on System-on-a-Chips (SoC) / Smartcards.	2	1
11h35	21	Mohammad Shafahi	Bootstrapping the Internet of the Future.	1	1
11h55	20	Christos Tziortzios	l/O Load Scheduler for Grid Mass Storage.	1	1
12h15	29	Pieter Lexis	DNS-Based Authentication of Named Entries (DANE).	1	1
12h35		*	Lunch
13h30	9	Sebastian Dabkiewicz	Automatic end-host configuration.	1	1
13h50	4	Razvan Oprea	Traffic anomaly detection using a distributed measurement network.	1	1
14h10	23	Yannick Scheelen, Jop van der Lelie	Camera Identification on YouTube.	1	2
14h35	24	Jeffrey Bosma, Daan Wagenaar	Ranking of manipulated images in a large set using error level analysis.	1	2
15h00		*	Pauze
15h15	14	Rory Breuk, Albert Spruyt	Integrating DMA attacks in exploitation frameworks.	1	2
15h40	13	Dimitar Pavlov, Gerrie Veerman	Distributed Password Cracking Platform.	1	2
16h05	30	Dennis Cortjens, Tarik El Yassem	Securing an outsourced network: Detecting and preventing malware infections.	1	2
16h30		Cees de Laat & OS3 team	Evaluation.
16h35		*	End

Presentations-rp2

I hereby would like to invite you to the annual RP2 presentations, where the SNE students will be presenting their research. Considering the wide variety of presentations the day promises to be very interesting, and we hope you will join us. At the end of the day there will be time for drinks and discussion. No need to register.

Thursday July 5 th, 2012, room C1.110 at Science Park 904 NL-1098 XH Amsterdam.

Program:

09h30	#	Cees de Laat	Welcome, introduction.	RP	#stds
09h40				2	1
10h00				2	1
10h20				2	1
10h40				2	1
11h00		*	Pauze
11h15				2	1
11h35				2	1
11h55				2	2
12h25		*	Lunch
13h30				2	1
14h50				2	1
14h10				2	2
14h40		*	Pauze
15h00				2	1
15h20				2	1
15h40				2	2
16h10		Cees de Laat & OS3 team	Closing.
16h20		*	Borrel in SNE lab

Objective

The course objective is to ensure that students become acquainted with problems from the field of practice through two short projects, which require the development of non-trivial methods, concepts and solutions. After this course, students should be able to:

Transform a roughly outlined problem into a carefully defined research question, supported by some level of reading up on the topic.
Establish a feasible project schedule for answering the question.
Conduct autonomous research to answer the question at hand, using literature searches, studying, experimentation and/or the development of software and hardware.
Present solutions to a diverse audience (experts as well as non-experts).
Defend solutions in debates.
Provide an appropriate report

Process

Some simple rules for selecting and completing RP's:

You can select a RP1 from the entire list. Choose subjects that relate to courses already followed.
You can have no more than 2 re-sits from block 1 - 4 pending when you are choosing your RP2 subject.
You must complete RP1 before starting RP2.
Forensics track students have to choose for RP2 a subject with a "F" label.
Network track students have to choose for RP2 a subject with a "N" label.
Part time students have to do their RP2 in their 2nd year, preferably in june.
Students working in pairs must be at same level (both RP1 or both RP2).
working alone or in pairs
- Preference for pairs because:
- students can help each other when one gets stuck in a problem...
- investigate more solutions in parallel
- learn to collaborate
- contribution of each student must be clear in report and presentation
- However, doing an RP alone is also allowed
- At the presentations pairs get 30 minutes, singles get 20 minutes.
Feedback during RP
- During both RP1 as RP2 a voluntarily group meeting on the third monday afternoon 16h00.
- - If that monday is a holiday, that meeting will be on the third tuesday.
- Purpose is to exchange progress information and discuss potential or real encountered problems.
fifth week
- Presentation will be on thursday, report must be submitted by friday of the fifth week.
- Optionally week 5 of the RP in June is available to continue and finish research.
RP order
- A student must successfully complete RP1 before starting RP2.
- RP1 and RP2 can be done arbitrarily in January or June.
- If failed for RP2, it is allowed to redo a RP2 at any time.
Evaluation
- Advise from the supervisor about the research done on location.
- Advise on presentation and report is welcome.
- this information must be delivered by supervisor before end of fifth week.
- report and presentation are evaluated by the OS3 team.
- Marks for presentation are determined before end of fifth week.
- Evaluation and if needed corrections of report can take up to 6 weeks (pending holidays in july.
- If rest is positive there is an opportunity to correct the report.
- average and the mark for report must be 6 or more and the other marks must be more than or equeal 5.
Publication of results
- the marks will be posted on blackboard.
Colloquia
- We aim to schedule colloquia about research in computer science to give more context for the RP's.
Communication
- All communication happens using email addresses from either OS3 or UVA.
Faculty process:
- When applying for a bachelor or master certificate the student must submit an approved copy (with a mark 6 or higher) of the student’s bachelor or master thesis. Students are requested to submit their thesis for two reasons:
  • De Faculty is obliged to register all theses in order to be - amongst others - accountable for the standard and assessment of its theses to the visiting Quality Assessment Committees of the disciplines.
  • The theses can be a source of information to students and teachers.
- These rules and regulations are applicable to all bachelor- and master theses submitted to the archives of the Faculty of Science. The student hands in the thesis at the Education Office when applying for a certificate.
- The supervisor of the bachelor- or master final research project (and/or the Board of Examiners) may demand that the student hands over one or more hard copies of the thesis. This will be agreed on at the start of the final research project.
- When applying for the certificate the student submits a digital copy of the thesis of the final research project. The student has to take care that this copy is either in PDF or Word (and not a mix of both for e.g. separate parts of the thesis, cover, index, appendices).
- The supervisor of the final research project must take care of two things:
  • The supervisor has to indicate whether the copy that is submitted is the true version that has been concluded with a satisfactory result
  • The supervisor has to indicate (in agreement with the student) whether the thesis contains confidential information, and therefore must not be submitted to the - public – catalogue of the library. These theses will only be registered confidentially.
- The Education Office only provides diplomas to students who have submitted a Thesis. Please note the role of the supervisor.
- The Education Office sees to it that the approved document will be filed by the library of the Faculty of Science. The thesis will be stored on the faculty’s server, which also takes care of a back-up.
- The library transfers the thesis to the on-line catalogue (UvA-DARE), unless the supervisor has indicated that there are strong objections against it because of its confidential character.
- A student may decide not to actively contribute to publication on the internet. For that reason the student may request the Education Office not to publish the thesis, and the thesis will only be registered in the Faculty’s archives.
- This procedure will be published on the programme website (<http://www.student.uva.nl>).
- You will find the procedure attached (PDF).

TIPS

Make a formal scientific report front page (not: This ia a consultancy report...)
Check English spelling
it is always: "bla bla, which" or "bla bla that", so not "bla bla which" or "bla bla, that"
be careful when using it's, it is, etc. It is the cat that was castrated. Its balls are on the table.
when using it's or their or which or this, make sure it is clear to what it points.
make complete sentences.
do not add several sentences together separated with commas.
it is always "However,"
use formal language: "one can" in stead of "you can"
check for stupid errors like of <-> off
structure report, numbering, etc.
read: http://en.wikipedia.org/wiki/Scientific_method

Project Proposal

Suggested project proposal format (to be delivered end of week 1) can be a subset of:

Title, names
Introduction
Research Questions
Related work
Scope, what is in/out of scope given limitations
Approach & Methods
Requirements, what equipment or software is needed
Planning
Expected products, tools, proof of concepts, results
References

Total max 4 pages.

SNE Master Research Projects 2011 - 2012

Contact

TimeLine

Projects

Traffic anomaly detection using a distributed measurement network.

Advanced Metering Infrastructure.

CDN Interconnection

Automatic end-host configuration.

Distributed Password Cracking Platform.

Integrating DMA attacks in exploitation frameworks.

Performance Analysis of OpenFlow Hardware.

Electromagnetic Fault Injection (EMFI) on System-on-a-Chips (SoC) / Smartcards.

l/O Load Scheduler for Grid Mass Storage.

Bootstrapping the Internet of the Future.

OpenDNSSEC.

Camera Identification on YouTube.

Ranking of manipulated images in a large set using error level analysis.

OpenFlow.

Content grouping algorithm.

DNS-Based Authentication of Named Entries (DANE).

Securing an outsourced network: Detecting and preventing malware infections.

Green computing in IEEE 802.3az enabled clusters

Torrent monitoring & statistics.

Security Audit Tool.

Multipath TCP.

Time Sensitive Application Transport.

Secure online banking on unsafe computers?

Secure embedding of external content.

RIPE Atlas IPv6 measurements: Reachability and annoyances.

Social media crawling.

Fault injection on low power embedded microcontrollers.