The subject for your final project can be any of the following. Note that each project must be carried out individually, i.e., no group projects will be accepted.

Experiments with security on embedded communication

Communications between embedded cpu-limited devices requires quick and light encryption schemes for protecting the information flow. Students will learn how to setup and program embedded Arduino devices that will made available from the LAB. Goal of this project is the demonstration of authentication, ephemeral key derivation and privacy preservation between embedded devices and Linux powered equipments over low bandwidth communication channel like Bluetooth or 868. For more details check these links

• Arduino Project
• Low bandwidth communication adapters

Experiments with 3G networking

(Team of) students will learn how to use general purpose hardware like Universal Software Radio Peripheral to create GSM/3G networks. Devices from National Instruments will be made available from the LAB. Goal of this project is to establish an encrypted communication between a ``fake'' RAN and an actual device powered with a custom SIM. For more details check these links

• The OpenBTS Project
• The GNURadio Project

Authentication protocol

The student would have to implement an authentication protocol between two processes that communicate through an IP network. Each student in this case needs to design, develop and analyze an authentication, and optionally session key derivation, protocol based on any of the cryptographic protocols introduced in class. The choice of programming language and operating system is up to the student.

The base requirements are as follows:

• The protocol can be any of the ones we have seen in class. You will get more points for implementing more complicated protocols, or protocols that provide more functionalities (mutual authentication, PFS, etc.). A possible approach could be to search the literature for protocols that intrigue you, and implement them.
• The implementation must be fully working, including attack test cases and malfunctioning scenarios. For example, for a PSK-based protocol, the implementation must allow users to test what happens when the PSK used by one side does not coincide with the one used by the other side.

Each student will need to prepare a 2-page (maximum!) description that covers the following points:

1. The protocol requirements, in terms of security, network (which transport layer? why?), terminals, servers, credential databases, etc.
2. The actual protocol rules, including one successful and at least one unsuccessful run.
3. An analysis of how the protocol satisfies the requirements set out by point (1) above.

Confidentiality in WPA-personal (802.11 networks)

In this case the student will design and implement a mechanism that violates confidentiality of WiFi networks based on WPA-PSK (AKA "WPA-Personal").

The system will assume that the attacker knows the PSK: by intercepting authentication messages exchanged by legitimate clients and APs using the same PSK, the system will derive the same ephemeral keys installed by other clients, and show that it is indeed possible to decrypt the entire session between other clients and the APs.