Introduction. For those of you who are still trying to figure out a project idea, here are a few ideas. Remember, the trick will be to:
- pick a topic that is interesting to you,
- pick a project category (see below) that fits with your skills and learning goals,
- choose a scope of work that is realistic for the time available. For example, instead of implementing an exploit on production code and real-world data, you might instead choose (as time permits) to:
- implement only one part of the exploit (and simulate the rest), or
- implement the exploit on a simplified/simulated version of the program.
1. Conduct a Vulnerability Assessment
Identify and evaluate potential areas of weakness in a software package or protocol (e.g, identifying bad coding practices, overly complex design, improper use of crypto, etc).
2. Perform an Experiment
Quantify the effectiveness of a hacking exploit by designing an experiment collecting data on its effectiveness.
Example: Recall researchers recently used the CADO-NFS numberfield sieve implementation to crack the RSA key used by the ransomware Bitcrypt. Run an experiment on the effectiveness of NFS software in a cloud computing setting, for example, by using the factoring as a service framework.
3. Do an Implementation
Implement a previously proposed vulnerability or countermeasure in software, or improve an existing one.
Example: A recent source code review of Norway’s remote voting system outlined several potential vulnerabilities. Implement one of the exploits described and test it on the (actual, or simplified/simulated) source code.
4. Design a Solution
Propose a new countermeasure to a known vulnerability.
Example: The Bitcoin client stores your account information in a “wallet file” on your hard drive. This file contains the signing keys necessary to transfer funds associated with your accounts. A hacker that can gain access to this file, therefore, could spend your money. Devise and outline a new method for protecting Bitcoin wallets.