T-110.5230 Special course in Practical Security of Information Systems P (4 cr)

Selecting a topic


Some considerations for choosing a topic

  • Your own topic is preferred (but not required for a good grade)
  • Difficulty of your topic affects grading
    • If you choose a topic that has already been done (e.g. 802.11 security), try to find a new perspective, or try to improve existing tools, or to make the topic otherwise more challenging and interesting
    • Effort should be consistent with two people working for about 3 full-time weeks each.
  • Can you find three vulnerabilities related to the topic?
    • Selecting the vulnerabilities depends on your topic. In some topics, the vulnerabilities might be sequential steps to accomplish an overall goal, while in others it may be more relevant to try the same exploit against multiple targets, or with different parameters, etc.
    • A combination attack, i.e. three vulnerabilities leading to a larger overall vulnerability, is often more interesting
  • Your attacks must have a realistic chance of succeeding
  • Do you have the equipment and permissions you need to actually carry out the attacks?
    • Remember - the course cannot provide these for you
  • Overlap with other course participants?
    • Rule of thumb - max. 2 pairs / topic
  • Company-sponsored and confidential topics are possible
    • Special arrangements, talk with course staff separately

Example topics

The following list illustrates various categories of topics, and examples under each sub-topic. To make an actual course topic, you need to scope down the topic for your work -- choose particular aspects of the topic for a practical attack.

 

  • Protocols
    • Connection hijacking (TCP or other) and man-in-the-middle attacks (software or hardware)
    • Cracking cryptographic primitives
    • Admin security tools (Samhain, libsafe, tcpwrappers, tripwire, ...)
    • Crack tools, toolkits and sniffers
    • Social engineering
    • Biometric authentication
    • Cryptographic protocols: SSL/TLS, SSH1/SSH2, IPsec, IKEv1, IKEv2, L2TP+IPsec, open source VPN protocols, Kerberos
    • Authentication protocols: RADIUS, Diameter, TACACS
    • Peer-to-peer protocols: BitTorrent
    • Databases / directories: LDAP, Active Directory, SQL
    • Older Internet protocols: HTTP, DNS, FTP, SMB, NFS, IMAP, POP
    • Mobility protocols: Mobile IPv4, Mobile IPv6
    • Routing protocols: RIP, OSPF, BGP
    • Link protocols: IEEE 802.11 (wireless LAN), Bluetooth
    • GPRS
  • Protocol implementations
    • Basically any implementation of an important or interesting protocol
    • Both server and client software are OK
    • You may take multiple implementations of the same protocol (e.g. IPsec in Windows XP, and two other implementations)
  • Hardware
    • Printers, digital cameras, scanners, and other peripherals
    • Tamper-proof devices (smartcards, USB tokens): electromagnetic leaks, timing attacks, dismantling smart cards
    • Side channel attacks (timing, acoustic, heat, power consumption, etc.) against PCs, smart cards, or other hardware devices
  • Operating systems and core services
    • Microsoft platforms: Windows XP/2003, Windows Mobile
    • UNIX platforms: Linux, *BSD
    • Mobile platforms: Symbian
    • Virtualization technologies: VMware, Xen, User Mode Linux
  • Products
    • Basically any commercially available (e.g. networking) product
    • Routers, firewalls, 802.11 access points, digital TV decoders, ...
  • Application software
    • P2P clients and servers
    • Audio and video players, codec libraries (cf. WMV trojans)
    • Mail clients, web browsers, etc.
    • Software vulnerabilities in widely used or critical components are good topic candidates
  • Web
    • HTTP, CGI, Java, JavaScript, ActiveX, web browsers and servers
  • Miscellaneous

Topic reservation

Topic reservation starts after the first lecture and is finalized during the second lecture. After the first lecture:

  • Look at the topic list and brainstorm for your own topics
  • Once you have decided which topic(s) would be most suitable for you, send e-mail to the course address, describing
    • Who you are (the pair)
    • The topic(s) (from the list, or your own)
    • Some more detail on what you would like to do under the topic heading
    • If you choose your own topic, describe it in a bit more detail
  • The list of topics is updated on the Topics and groups page.
  • Final confirmation of topics at the second lecture
  • Also select a backup topic in case the primary topic has been selected by too many pairs!

If you feel strongly about a topic, try to reserve it early. If it's already reserved by two pairs, we can try to adjust the reservations at the second lecture. Remember to come to the second lecture with both a primary and a backup topic!

Feel free to contact us if you have difficulty in finding or scoping a topic.