List of projects
Supervised by Aivo Kalu (in collaboration with Cybernetica)
- Comparison of identity/authentication/signing APIs from security and architecture viewpoint
This project might suit a student who is interested in software development/architecture aspects that are still related to security. There are many competing APIs in the Baltic/Nordic region that are used in practice to request authentication or signatures. For example:
https://github.com/SK-EID/smart-id-documentation/blob/master/README.md
https://github.com/SK-EID/MID
https://developers.dokobit.com
https://developer.signicat.com/apis/sign-api/sign-api-v1/
https://github.com/open-eid/SiGa/wiki/Hashcode-API-description
and also there are the “canonical” or “standard” ones like OIDC, SAML and DSS (http://docs.oasis-open.org/dss/v1.0/oasis-dss-core-spec-v1.0-os.html). Which one is good? Which one has the best properties from a software point of view or a security point of view? Which one should be used for future integrations? How do we even compare them?
- Applying Smart-ID authentication and digital signatures (or underlying SplitKey technology) in novel bitcoin/blockchain/SSI/DID use cases
Last year, the following master's thesis was published: https://www.semanticscholar.org/paper/Aleksandr-Ts%C3%B5ganov-Integrating-User-Identity-with-Ts%C3%B5ganov-Pintado/30c653214f5a30ed46343058039d4b53a8d326f9?utm_source=email.
If there are additional ideas about where to apply the Smart-ID authentication services, or perhaps how to do a deeper integration with the SplitKey technology, we could discuss them and see if an interesting project could come out of this.
- Comparison of the attack model of the FIDO with the attack model of Smart-ID
The current Smart-ID authentication API (https://github.com/SK-EID/smart-id-documentation/blob/master/README.md) specifies how an anonymous session with a website becomes an authenticated session. Your task is to compare the security properties of this authentication flow with those of https://www.w3.org/TR/webauthn-2/ and https://fidoalliance.org/specs/fido-v2.0-id-20180227/fido-security-ref-v2.0-id-20180227.html
- Comparison of the properties of Smart-ID with framework by Bonneau et al.
We will study the paper https://www.cl.cam.ac.uk/~fms27/papers/2012-BonneauHerOorSta-password--oakland.pdf. We will analyse which properties are satisfied by Smart-ID, which ones are not satisfied, and which ones are already pointless in the year 2020. This can be compared with http://fc16.ifca.ai/preproceedings/25_Lang.pdf, which does the same kind of exercise for FIDO in its Section 6.1.
General links for Aivo's projects:
Supervised by Kristjan Krips
- Detecting Signal users
Signal finds contacts based on their phone numbers. As the set of valid phone numbers is limited, it should be possible to find out which phone numbers are connected with Signal. In addition, this should make it possible to monitor when certain phone numbers are activated in Signal.
Why is the information interesting? Signal provides a private communication channel but is still used by a small group of people who have different reasons for using it. While Signal is not a mainstream application, it may be of interest to some parties to find out who is using Signal and when they start to use it. The task is to test how easy it is to do the first step in identifying Signal users. We do not attempt to identify the names behind the phone numbers, although that may be possible for some parties.
You will need a device that can run the Signal application, and in addition two new prepaid SIM cards. Generate a contact list that contains valid phone numbers. Make sure that at least one real Signal user and the numbers from both SIM cards are in the contact list. Install the Signal application using one of the prepaid SIM cards and check whether the large contact list is accepted by the Signal servers. Check how to automatically extract the contacts that are using Signal. Once contacts are scanned / detected by the Signal application, use the second SIM to activate a new Signal account. Check how fast that information pops up on the test device. Run the test device for a few weeks to check whether new Signal users are detected. If possible, also try to detect the time when a new contact was found.
Links:
https://signal.org
https://github.com/signalapp
https://support.signal.org/hc/en-us/sections/360001614191-Security-FAQ
BSc or MSc level
- Overview of security properties in SS7 / Diameter
Try to get a general understanding of how the SS7 / Diameter protocols work. Based on that, write a human-readable overview that describes their architecture and security properties. Try to list known vulnerabilities.
This topic requires digging up good sources and then lots of reading to understand how these protocols work.
Links:
https://www.wired.com/2017/05/fix-ss7-two-factor-authentication-bank-accounts/
https://www.blackhat.com/docs/eu-17/materials/eu-17-Schmidt-Attacking-Next-Gen-Roaming-Networks.pdf
https://www.gsma.com/membership/wp-content/uploads/2018/09/Diameter-2018-eng.pdf
https://tools.ietf.org/html/rfc6733 (diameter)
MSc or PhD level
- Overview of the security properties used in 2G/3G/4G/5G (pick one on your own)
Pick your favorite generation of mobile communication and write a summary about its security properties and known vulnerabilities.
You should try to answer the following questions:
- How is the communication encrypted?
- Where can the communication be intercepted?
- How easily can the phones be tracked?
- How are communication parties (including the cell towers / communication providers) authenticated?
- How does roaming affect the situation?
- Which are the known vulnerabilities and how do they affect the confidentiality / integrity / availability of the communication?
You could also focus on a limited set of security properties and compare them between different generations of mobile communication.
This topic requires digging up good sources and then lots of reading to understand how these protocols work.
BSc or MSc or PhD level
Assigned to Janar Juusu
Supervised by Ivo Kubjas
- Black-box attacks against neural networks
Neural networks are a go-to tool for classifying input data into different sets. In an honest setting, a well-trained neural network does a very good job, but in a dishonest setting (where the attacker providing the input to the neural network wants the output to be classified in a particular way) it is known how to manipulate the data so that it is classified as the attacker wants. This is relatively easy when the attacker has white-box access (i.e. a full description of the network) but a lot harder when only black-box access is provided. Since in industry (e.g. autonomous driving, financial markets, etc.) trained neural networks are considered intellectual property, we can only assume black-box access.
The outcome of the report should preferably be a comparison of different black-box attack methods against neural networks. The student should know what neural networks are and how to define and train them.
[0] Adi Shamir, Itay Safran, Eyal Ronen, Orr Dunkelman: A Simple Explanation for the Existence of Adversarial Examples with Small Hamming Distance. https://arxiv.org/abs/1901.10861
[1] Nicolas Papernot, Patrick McDaniel, Ian Goodfellow, Somesh Jha, Z. Berkay Celik, Ananthram Swami: Practical Black-Box Attacks against Machine Learning. https://arxiv.org/abs/1602.02697
[2] Xiaolei Liu, Yuheng Luo, Xiaosong Zhang, Qingxin Zhu: A Black-box Attack on Neural Networks Based on Swarm Evolutionary Algorithm. https://arxiv.org/abs/1901.09892
[3] Arjun Nitin Bhagoji, Warren He, Bo Li, and Dawn Song: Practical Black-box Attacks on Deep Neural Networks using Efficient Query Mechanisms. http://openaccess.thecvf.com/content_ECCV_2018/papers/Arjun_Nitin_Bhagoji_Practical_Black-box_Attacks_ECCV_2018_paper.pdf
This topic is suitable for MSc and PhD level students.
Supervised by Sven Laur
- Formal verification of cryptographic proofs
Your task is to formalise technical lemmas about interactive systems consisting of several components in the proof assistant Coq. You can reuse the formalisation and code developed by Eric Cornelissen, but you have to extend the same approach to different lemmas.
- Arcs over rings
Consider a plane. An arc is a set of points such that no three of them lie on the same line. The generalisation to n-dimensional space is straightforward: n+1 points (in general position) always span the entire space. More formally, consider the differences x_i - x_0; these must be linearly independent. The definition trivially generalises to any vector space over a field. The definition is non-trivial for modules over rings, as linear independence is badly defined there. Your task is to study the extension where no difference x_i - x_0 can be expressed as a linear combination of the other differences. This is not very well studied, but has practical applications in error-correcting codes and linear secret sharing.
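As an added illustration of the two notions of independence mentioned above (example code, not part of the topic list or the supervisor's material), the following brute-force checker tests small point sets in Z_n^d under the classical definition and under the "no difference is a combination of the others" definition, showing how the classical one degenerates over a ring such as Z_6:

```python
"""Arc test over Z_n for small cases (added example, not part of the topic list).
Over a field (prime n) classical linear independence works; over a ring such as
Z_6 it breaks, so the project's alternative is also implemented: no difference
x_i - x_0 may be a Z_n-linear combination of the other differences.
Brute force over all coefficient vectors, so keep n and the point count small."""
from itertools import product


def vec_add(a, b, n):
    return tuple((x + y) % n for x, y in zip(a, b))


def vec_sub(a, b, n):
    return tuple((x - y) % n for x, y in zip(a, b))


def scale(c, a, n):
    return tuple((c * x) % n for x in a)


def combination(coeffs, vectors, dim, n):
    """sum_i coeffs[i] * vectors[i] computed in Z_n^dim."""
    acc = tuple([0] * dim)
    for c, v in zip(coeffs, vectors):
        acc = vec_add(acc, scale(c, v, n), n)
    return acc


def span(vectors, dim, n):
    """All Z_n-linear combinations of `vectors` (an empty list spans {0})."""
    return {combination(cs, vectors, dim, n)
            for cs in product(range(n), repeat=len(vectors))}


def classically_independent(vectors, dim, n):
    """Field-style definition: only all-zero coefficients give the zero vector."""
    zero = tuple([0] * dim)
    return all(combination(cs, vectors, dim, n) != zero
               for cs in product(range(n), repeat=len(vectors)) if any(cs))


def no_vector_in_span_of_others(vectors, dim, n):
    """Ring-friendly definition from the project text."""
    return all(v not in span(vectors[:i] + vectors[i + 1:], dim, n)
               for i, v in enumerate(vectors))


def is_arc(points, n, classical=True):
    """Do x_0..x_k in Z_n^dim form an arc under the chosen definition?"""
    dim = len(points[0])
    diffs = [vec_sub(p, points[0], n) for p in points[1:]]
    test = classically_independent if classical else no_vector_in_span_of_others
    return test(diffs, dim, n)
```

Over Z_6 the single vector (2,0) is already classically dependent, since 3*(2,0) = (0,0), while (2,0) and (3,0) are not multiples of each other; the two definitions therefore disagree on the points (0,0), (2,0), (3,0).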
Supervised by Danielle Morgan
- Assessing wireless keyboard protocols
More and more we depend on wireless devices in our everyday lives. At work, home or school we use a variety of tools including wireless keyboards and mice, access cards and smart home technologies. However, do we actually know what is sent from device to device or from device to USB connector? This would be especially important in the case of wireless keyboards. Are your keystrokes sent unencrypted over the air, or does the connected USB dongle allow an attacker to gain access to your computer? Well, if you haven’t thought about it, maybe you should. Several attacks have been performed on wireless keyboards and mice. Some of the most popular are MouseJack, KeyJack and LOGITacker.
The student’s task would be to write a report on implementing and using these attacks and which ones worked (why or why not). A Logitech keyboard/mouse pair will be provided as well as a nRF52840 Dongle for testing.
If another student is interested in this topic they can assess the wireless transmission protocol of a random keyboard using the HackRF.
This topic is suitable for all levels
https://www.mousejack.com/
https://www.bastille.net/research/vulnerabilities/keyjack/keyjack-intro
https://github.com/RoganDawes/LOGITacker
https://www.nordicsemi.com/Software-and-tools/Development-Kits/nRF52840-Dongle
https://greatscottgadgets.com/hackrf/one/
- NFC protocol
The University of Tartu Delta Center, one of the most modern centres for digital technology, analytics and economic ideas, is finally open. It is touted as being a smart building. One of those smart implementations involves staff using a card to access locked areas. The card is an NFC card that changes its UID every time it is read. A question: how exactly can it then be used to identify a user?
The task of the student would be to write a report detailing the card type, memory structure and communication protocol used by the card. A Proxmark RDV4 and ACR1252U NFC card reader are available for use by the student.
- Any HackRF project
Any student who has an idea regarding the HackRF or would just like a project with a HackRF can also be accommodated.
Supervised by Pille Pullonen (in collaboration with Cybernetica)
- ASTRA: High Throughput 3PC over Rings with Application to Secure Prediction
The goal of this project is to study the core three-party computation protocols presented in the paper https://eprint.iacr.org/2019/429.pdf (focus on Sections 4.1 and 4.2). The report should describe the protocols in detail and include all the background information needed to make all the concepts understandable for the reader. The protocol descriptions should be accompanied by full proofs of correctness as well as example playthroughs of the protocols (at least for the cases with passive security).
This project is suitable for all students with a basic understanding of modular arithmetic; previous knowledge of secure multiparty computation will be a nice bonus. The concrete goals of the project can be adjusted based on the level of the student.
Supervised by Pille Pullonen and Vitaly Skachek
- How to Run Turing Machines on Encrypted Data
Algorithms for computing on encrypted data promise to be a fundamental building block of cryptography. The way one models such algorithms has a crucial effect on the efficiency and usefulness of the resulting cryptographic schemes. As of today, almost all known schemes for fully homomorphic encryption, functional encryption, and garbling schemes work by modeling algorithms as circuits rather than as Turing machines. In the paper studied in this project, cryptographic schemes are constructed for computing Turing machines on encrypted data that avoid the worst-case problem.
Shafi Goldwasser, Yael Kalai, Raluca Ada Popa, Vinod Vaikuntanathan, Nickolai Zeldovich, "How to Run Turing Machines on Encrypted Data", CRYPTO 2013.
Assigned to Andrei Perapiolkin
Supervised by Vitaly Skachek
- Detection of Bots in the Social Media
A bot is software that automatically imitates legitimate users in social networks and other online platforms. In recent years bots have been massively used by private entities, political groups and governments in order to influence public opinion in a desired direction. Bots possess certain properties that often allow them to be distinguished from human users.
In this project, the student will study the distinguishing properties of automatic bots, and develop software that will identify possible bots in social networks.
[1] Digital Forensic Research Lab, "#BotSpot: Twelve Ways to Spot a Bot", https://medium.com/dfrlab/botspot-twelve-ways-to-spot-a-bot-aedc7d9c110c
[2] Arzum Karataş, Serap Şahin, "A Review on Social Bot Detection Techniques and Research Directions"
BSc or MSc level
- A Secure Fountain Architecture for Slashing Storage Costs in Blockchains
Full nodes, which synchronize the full blockchain history and independently validate all the blocks, form the backbone of any blockchain network by playing a vital role in ensuring security properties. On the other hand, a user running a full node needs to pay a heavy price in terms of storage costs.
An architecture for blockchain is proposed in the referred paper, which is based on fountain codes, a class of erasure codes, that enables any full node to encode validated blocks into a small number of coded blocks, thereby reducing its storage costs by orders of magnitude. In particular, the proposed Secure Fountain (SeF) architecture can achieve a near optimal trade-off between the storage savings per node and the bootstrap cost in terms of the number of (honest) storage-constrained nodes a new node needs to contact to recover the entire blockchain. A key technical innovation in SeF codes is to make fountain codes secure against adversarial nodes that can provide maliciously formed coded blocks. The main idea is to use the header-chain as a side-information to check whether a coded block is maliciously formed while it is getting decoded. Further, the rateless property of fountain codes helps in achieving high decentralization and scalability.
https://arxiv.org/pdf/1906.12140.pdf
MSc or PhD level
- NIST quantum competition - second round
A number of proposals have passed into the second round of the NIST competition for post-quantum secure cryptosystems. This competition aims at selecting future standards for cryptosystems that are resistant to quantum attacks. The list of proposals that take part in the second round appears here: https://csrc.nist.gov/projects/post-quantum-cryptography/round-2-submissions. The full submission documents are available on the webpage of the first round: https://csrc.nist.gov/projects/post-quantum-cryptography/round-1-submissions.
In this project, the student will pick one of the proposals that passed into the second round, and will present the main ideas of the proposed system in the seminar. Specifically, we are interested in the proposals BIKE, HQC, LEDAcrypt, NewHope, NTRUPrime, RQC and SIKE, but a student can also choose another proposal.
This project can be taken by several students; each student will be reviewing a different cryptosystem.
MSc or PhD level
Assigned to Valeh Farzaliyev (NIST candidate "Kyber")
Supervised by Dominique Unruh
- Verification of crypto with EasyCrypt
Cryptographic proofs are typically very error-prone. Humans make mistakes that are hard to notice. To avoid this, machine-verified proofs can be used. EasyCrypt is a popular tool for formulating such proofs. The task of the seminar is to give an introduction to EasyCrypt (with your own examples) to the class, and to create a report explaining EasyCrypt.
Required background: Crypto I or comparable
Assigned to Kristiina Konno
- Relativistic commitments
Relativistic commitments are protocols where a commitment scheme is implemented that is secure based on the assumption that the speed of light is bounded (i.e., to break it, you would have to communicate faster than light). Those can be made information-theoretically secure (i.e., no computationally unlimited or quantum attacker can break them).
The task of this topic is to give a short overview of the existing results, and to study and describe one of them in more detail.
Required background: Crypto I or comparable, Quantum Crypto if a quantum secure variant is studied
- Cryptography from Information Loss
Reductions between problems, the mainstay of theoretical computer science, efficiently map an instance of one problem to an instance of another in such a way that solving the latter allows solving the former. The subject of this work is “lossy” reductions, where the reduction loses some information about the input instance. It is shown that such reductions, when they exist, have interesting and powerful consequences for lifting hardness into “useful” hardness, namely cryptography.
https://drops.dagstuhl.de/opus/volltexte/2020/11766/pdf/LIPIcs-ITCS-2020-81.pdf
Assigned to Raul-Martin Rebane
Supervised by Jan Willemson
- Make a cool project with USB armory Mk II
There is a nice open platform for security dongles supported by F-Secure: https://www.crowdsupply.com/f-secure/usb-armory-mk-ii. Your task is to implement a cool project on top of it. A list of ideas from the dongle webpage:
- Mass storage device with advanced features such as automatic encryption, virus scanning, host authentication, and data self-destruct
- Hardware Security Module (HSM)
- OpenSSH client and agent for untrusted hosts (e.g., Internet kiosks)
- Router for end-to-end VPN tunnelling
- Tor bridge
- Password manager with integrated web server
- Electronic wallet
- Authentication token
- Portable penetration testing platform
- Low-level USB security testing