Student Projects

Several people have asked me to suggest student projects based on the ideas in the manifesto.

We don't just need programming skills to change the Internet. The Internet has a billion users, we need to consider the economic factors in order to make change. We need to get the usability engineering right. Consequently, many of these projects could be turned into an economics or usability project.

If you decide to work on these projects, please let me know and I will add a link to your project page if you have one.

Student projects can change the world: in 1993 the World Wide Web phenomenon started with a browser that was essentially a student project at NCSA. Mosaic was not the first Web browser by a long way but it was the one that began the breakthrough. Mosaic had that effect because the usability factors were right - Mosaic was the first Web browser that worked out of the box rather than requiring a day of debugging, it was the first to have a professional look and feel.

I have included references to sections of the dotCrime Manifesto (dCM) but these should be taken as the starting point for a design rather than a mandate.

Build Projects

If we are going to secure the Internet we need to build the tools to put ideas into practice. These projects should all be suitable for final year projects or group projects for a number of students.

Note that while I have written open source code and many of the resources I point to are open source, this does not mean that there is no value in working from proprietary systems.  I give open source resources because these provide the quickest start. If there is a thunderbird extension available, please consider developing an extension for Outlooor Notes k rather than producing a second one for the sake of it. There are important skills to be learned through both approaches. If you become a programmer you will inevitably find yourself in situations where you have to work with a system where you either don't have the source or find it unreadable.

Reverse Firewall (Programming)

Objective

Develop a reverse firewall (dCM Ch. 9) for use in a residential or enterprise environment. Evaluate the effectiveness and user impact of different reverse firewall rules. Consider how the rules might need to be adapted over time as applications such as video on demand and online gaming are deployed.

All network protocols have control elements and data elements. It is my hypothesis that while increased end user activity leads to increased demand on both, the demand on the data channel accelerates at a much faster rate than the demand on the control channel.

Resources

Many WiFi routers are based on open source operating systems. The Linksys WRT54G appears to be the current favorite for modding projects but it is not the only option. One important caveat to bear in mind is that consumer appliances are not designed for use as a development testbed and may not survive repeated attempts to program the flash memory. A desktop Linux box is likely to provide a more robust development environment.

Experiments

• What are the characteristics of typical residential, commercial, educational Internet use?
• Which characteristics provide the most leverage when implemented in a gateway device with limited computing power?
• How does a reverse firewall affect the value of a bot on the underground market?
• What impact does your reverse firewall have on a residential user? a gamer? a mail server? a university department?
• How might the IPv6 transition affect your solution?

IPv6 Transition-Box (T-box) (Programming, Economics)

Objective

The Internet as originally designed only has room for 4 billion users. We currently have over a billion users and we are running out of IPv4 address space really fast.

Develop a network gateway device that transparently supports transition to IPv6 without any end user intervention.

In order for the transition to be genuinely transparent it must be possible for IPv4 and IPv6 to co-exist on the network side of the gateway. The device must be capable of working when it has an IPv4 address assigned or just IPv6 access and some form of IPv4 via a NAT.

Resources

The IETF has discussed IPv6 extensively, various assertions have been made to the effect that this is a solved problem. I strongly suspect that the planned IPv6 outage at the Philadelphia IETF is going to demonstrate that this is not the case.

Experiments

• Test as many Internet applications as you can, what types of application work, which do not?
• Suggest ways to design Internet applications that would assure correct opperation when behind a T-box.
• (Economics) Find as many IPv6 transition plans as you can. These should include the 'flag day' when everyone changes to IPv6 immediately, hyperNAT in which ISPs share a single IPv4 address amongst many users. Consider the economic consequences of each. What are the incentives for the adopting parties?

Incident Handling

Objective

Implement a peer to peer incident handling protocol (dCM Ch. 9).

PINCH is a proposal I made to implement the IETF INCH protocol in a peer to peer fashion. When a site received an attack purportedly from IP address X it would discover an incident reporting service using SRV records in the reverse DNS.

Resources

IETF INCH. Also consider how you might advertise an incident reporting mechanism for attacks against DKIM.

Experiments and further work.

• Set up a honeypot network, collect incidents from it
  • What does the information tell you about the attack
  • How can you use it to effect a response
• Denial of service attacks frequently involve spoofed source address packets, how might these be addressed?
  • How can you use network topology to identify a party that may be usefully informed?
• Attackers may make malicious incident reports and attempt DDoS attacks on the incident handling servers
  • How might you address this problem.

Usable Email Security Client

Objective

Extend an existing mail user agent (MUA) to provide usable security features (dCM ch 13).

The client might be a desktop client or a Webmail service. Secure letterhead features might be implemented via the PKIX logotype mechanism or be supplied by an external feed.

The minimum components you would need to implement an edge-only client are a DKIM signature verification module, an automatic configuration module using DNS SRV records and a key discovery module. To implement a full end-to-end model you would need to add an XKMS client.

Resources

My platform of choice for this would probably be Mozilla Thunderbird, the code is open source, there is a large user base and it supports a plug in architecture. The only downside to this approach is that the component model is pretty ferocious and intollerant of the slightest mistake. Implementing DKIM efficiently will require a code component.

Experiments

• (Usability) How do users react to your email client, are the security features
  • Easy to understand?
  • Intrusive?
  • Effective?
• (Security) How do the usability features affect the security of the client?
  • Do they create new opportunities for the attacker?
• (Design) Design a protocol for registering and managing end user keys based on XKMS or WS-Trust

Usable Email Security XKMS Server

Objective

Build an XKMS server to support the Usable Email Security Client.

The first stage would be to support key registration and discovery. This would allow the end user to generate a public key pair on their client and register it with the XKMS service.

The second (harder) stage would be to develop an XKMS validate service that  is capable of collecting data from a complex X.509 PKIX based infrastrucure such as the US government federal bridge CA.

Resources

XKMS is a W3C standard.

There are many Web Services resources around. You may wish to take a look at the Higgins project which I am told supports some XKMS protocol features. It also supports WS-Trust.

Experiments

• What was missing from the specifications documents?
• Analyze the security of your design
  • What components are trusted? How is this trust assured?
  • How is communication with the service bootstraped?
  • How might an attacker introduce a bogus key
• Exchange signed, encrypted email with the federal bridge

Unified Identity Server

Objective

Build a unified identity server (dCM Ch 14-15).

Extend an existing email, instant messaging and VOIP application to make use of the identity server.

Implement systems to import social networking data from existing sources (linked in, FOAF etc).

Develop a mitigation strategy for unwanted communication (spam, non-priority).

Resources

The OpenID, SAML and CardSpace communities all have developer networks. They are the best place to start from.

Experiments

• How effective is the use of social networking to mitigate spam?
• (Economics) Design a strategy to break a proprietary lock-in effect in a social network
  • Test it

Domain Centric Administration

Objective

Implement a domain centric administration server and clients.

Enable existing legacy applications and appliances to automatically configure themselves.

Resources

For a first pass implementation I would use either Linux or Windows Server as the base. Using Windows server would allow for the rather interesting possibility of using a Windows Home Server as the hub of a home network.

Experiments

• Compare the domain centric approach to peer-to-peer approaches such as uPNP and Bonjour
  • What are the scaling properties for networks of 10, 100, 1000 machines?
  • How practical are the architectures in a home environment? enterprise environment?
• The network should continue to run even when a server fails
  • Design a quorum based protocol (c.f. DEC-Cluster) to support transparent fallover

Default Deny Infrastructure

Objective

Implement a Default Deny Infrastructure.

Develop a maintenance tool that allows an administrator to quickly configure existing network devices and computers by creating an installing a device certificate tied to the MAC address.

Develop a systems operation console for the home or the enterprise. The console must detect the addition of a new device, authenticate it, determine if it is in the authentication database, determine the policy rules to be deployed, push them out to the hubs and routers.

Resources

The main network authentication protocol that is emerging is 802.1X.

Experiments

• (Usability) How long does it take to configure a machine?
• (Usability) Could a consumer be expected to do this?
• (Robustness) How does your network cope when a machine fails?
  • Is the failure detected?
  • Is a remedy applied?

Parametric Device Driver

Objective

Develop a device driver for Windows, OS/X, Linux that supports a wide range of similar devices using a device profile provided by the machine.

Ideally it should be possible to support all three operating systems using a single, declarative device description that could be provided by the device itself, either directly or by (URI) reference.

Resources

The Semantic Web is likely to provide a lot of useful support here. You will need to develop an ontology of device characteristics, and capabilities. The ontology must be adaptable over time as new capabilities emerge (e.g. 1, 3, 6, 12 color printers)

Experiments

• (Economic) Consider the economic model for parametric drivers, who benefits, who might lose?

NAT Compatible Video Conferencing

Objective

Develop a Video Conferencing application that actually works through a NAT box without requiring specific configuration of the NAT box (e.g. forwarding of specific ports) or bridging through a NAT-free peer. You may use an external server to establish a communication session but not once the session is established.

The protocol should allow multiple computers behind the same NAT box to have open sessions at the same time. The protocol must work when the NAT box implements stateful inspection filtering.

Extend the protocol to add security enhancements (authenticity, confidentiality).

Resources

H.264 has become the defacto standard for next generation compression, although it is encumbered there are open source toolkits for it (obdisclaimer, I take no responsibility for the licensing).

Experiments

• (Usability) Set up a video conference session with a relative who is at least 60, has no specific computer expertise and is situated at least 1000 miles away at the time. The only communication tools you may use are a telephone, Web browser and your application. You may not assume that there is a direct IP connection at either end.
• (Usability) Have your relative call a third person.

Design Projects

These projects are similar to the build projects but provide more opportunity to apply design skills such as design of cryptographic algorithms and protocols.

Meeting Scheduling Agent (Programing, Cryptography)

Objective

Develop an agent for scheduling meetings between multiple parties using different universal identity services.

The protocol should disclose the minimum possible information to each of the parties and to the scheduling agent itself.

Resources

(none yet)

Experiments

• Analyze the security of the protocol
  • What information can each party discover?
• (Usability) Test the usability of the system

Open Source Signer Acceditation

Objective

A key principle in dCM is that all code that executes on a platform should be signed and accountable. The level of privileges granted to the running code being determined by the level of accountability established.

Commercial code signing schemes are intended to establish accountability for commercial code developers. How can accountability be established in open source projects? How can injection of malicious code be avoided in large and small open source projects?

Resources

(none yet)

Experiments

Usable WiFi Connectivity

Objective

Design a user interface for a wireless networking system that provides usable security with minimal user interaction while still providing for display of necessary legal notices, acceptance of terms etc.

Resources

See evil WiFi Twin

Experiments

• Test the system out in a live environment that provides free WiFi connectivity (campus network, coffee shop)

Unencumbered Document Rights Management

Objective

Design an implement an end to end DRM scheme for document manaDesign an implement an end to end DRM scheme for document management (Word, HTML, OOXML, etc) that is based on 20 year old technology.

This is becomming a common real world problem due to the proliferation of patents, many of which add little or no value over earlier approaches. The signed assertion approach to DRM is in theory more powerful as it avoids the need for ubiquitous connectivity. But why do we need that today?

Resources

Ford-Wiener might be a useful starting point, although the work was done in 1994 and will therefore be encumbered for several years to come.

Experiments

• (Usability)

Research Projects

Some topics are large enough to require several years of serious, innovative thought.

Trustworthy Linux / BSD

Build certain trustworthy components into Linux or BSD.

In particular it would be very nice in the context of an embedded device to be able to lock down the processor such that it was only possible to run code that is signed and trusted by the owner. The risk of malicious code being injected onto the machine is therefore avoided. Unix is used in a large number of embedded devices, if devices from coffee makers through to MRI scanners are vulnerable to code injection the consequences could be serious.

BGP Security

Objective

Design a deployable architecture for BGP security

Resources

Some security infrastructure is being deployed today, in particular digital certificates are being issued to holders of ASNs.

A good place to start would be to talk to operators at an Internet backbone provider, find out how they actually resolve injection of bogus routes today.

Experiments

• Consider the economic properties, is the model deployable? What are the incentives?