Project Ideas

Introduction. For those of you who are still trying to figure out a project idea, here are a few ideas. Remember, the trick will be to:

Below are a few potential types of projects. This list is non-exhaustive; feel free to propose something new.


1. Conduct a Vulnerability Assessment

Identify and evaluate potential areas of weakness in a software package or protocol (e.g., identifying bad coding practices, overly complex design, improper use of crypto, etc.).

Example: Conduct a vulnerability assessment of an open-source security tool (e.g., Cryptocat, an encrypted instant messaging tool) or standard (e.g., OAuth, a federated authentication protocol).


2. Perform an Experiment

Quantify the effectiveness of a hacking exploit by designing an experiment that collects data on its effectiveness.

Example: Recall that researchers recently used the CADO-NFS number field sieve implementation to crack the RSA key used by the ransomware Bitcrypt. Run an experiment on the effectiveness of NFS software in a cloud computing setting, for example, by using the factoring as a service framework.


3. Do an Implementation

Implement a previously proposed vulnerability or countermeasure in software, or improve an existing one.

Example: A recent source code review of Norway’s remote voting system outlined several potential vulnerabilities. Implement one of the exploits described and test it on the (actual, or simplified/simulated) source code.


4. Design a Solution

Propose a new countermeasure to a known vulnerability.

Example: The Bitcoin client stores your account information in a “wallet file” on your hard drive. This file contains the signing keys necessary to transfer funds associated with your accounts. A hacker who gains access to this file could therefore spend your money. Devise and outline a new method for protecting Bitcoin wallets.