 |
Mandatory assignments in Computer Security Fall 2001You have to make two assignments in two different of the three areas: security analysis, cryptography, network security. You must choose and design your own problem. Below is a list of ideas. You can pick one of these or come up with your own suggestion. In each case you have to work out one page of description of the problem, and this description has to be accepted by Christian Boesgaard before you start solving the problem. Roughly in the middle of the work, you must meet with Christian and discuss your work so far and how you are going to complete it.It is recommended that you solve one problem, hand it in, and get it corrected before you start on the second. The problem can involve studying further literature, programming, experimenting or any subset of these tasks and always requires you to write a small report. If you are doing a programming assignment, the report should contain a few pages (approx. 10) about how you have attacked the problem and a code listing. If you are investigating an existing protocol or doing risk assessment, a longer report is required (approx. 25 pages). You should expect to spend 25 hours per person on each problem (excluding time for learning programming). The assignments are both mandatory and have to be passed in order to enter the examination for the course. Problems must be solved individually or in groups of two. Forming groups of three requires special permission from Christian and needs a very good and convincing argument! Implementation can be done in C, C++, Java, ML, Perl, or Python. Other languages may also be used, but should be approved in advance. Java is recommended to do implementations where libraries for big integers etc. are needed. C/C++ is recommended for implementations of symmetric ciphers. It should be clear from the report you hand in, what you have made yourself and what is taken from somewhere else (especially code). Cover page: When you hand in your solution you should use a cover page with the following information: "Mandatory Assignment x in Computer Security, Title of your problem, Name and it-c-email of each person in the group, Date of handing in the solution" The timing of solving the problems are shown in the table below.
Ideas for problemsSecurity AnalysisSecurity Analysis Security analysis of IT-C or another organization/firm, you can choose some sections from BS-7799 and use that to evaluate the security. The analysis should result in a report and recommendations for improvements (if necessary).CryptographyCryptanalysis of primitive ciphers Make a selection of tools to do the tests from the book and implement a small tool help break primitive ciphers.Cryptanalysis of modern ciphers Cryptoanalyze a simplified DES or AES. Electronic Money Make an overview of the current possibilities or implement one of the proposals. Implementation of a modern cipher Implement DES, AES/Rijndael, RSA or something else.
Network security (and protocols)Electronic Elections Make an overview of the current possibilities or implement one of the proposals.Time StampingImplement a secure time-stamping service. Time stamping is essential on physical contracts for instance documenting that an invention was known to somebody at a given time. How should this work digitally? Poker Implement a fair network poker-playing service (or roulette). TLS/SSL Analyse or implement TLS/SSL. IPSec Analyse, implement, or setup IPSec. Secure Email/chat application Design and implement an application for secure email and chat. Firewalls Design and setup a firewall solution. Intrusion Detection Design and setup an advanced IDS solution.
|
|||||||||||||||||||||||||||||||||||||
 |
 |
|
 |
 Updated 11/10-2001 |