Usable Security and Privacy

Course Type:

Lab

Course:

P4 / 4 SWS / 6 CP (ECTS)

Lecturer: 

Prof. Dr. Melanie Volkamer

Organisation:

Peter Mayer

Start: 

2nd week of the lecture period

End:

15.03.2016

Requirements: 

See below

Application:

You can apply for up to three of the topics described below using the application form. Note that both applying through this form AND registering through TUCaN are mandatory to participate in the lab.

 

Deadline:   23.10.2015 
Notification: 26.10.2015


Note that this is a soft deadline (so you can still apply afterwards), but people registering before the deadline have precedence in the topic assignment.

Registration:

TUCaN

Frequency: 

every semester

Available Topics

# | Supervisor | Description
1

Peter Mayer

Title: Alternative Authentication Technologies on Gamepad-driven Devices

 

Abstract: Authentication happens on a multitude of devices that each put different constraints on the design of authentication mechanisms. Unfortunately, these are often ignored, causing pain and frustration for users. For example, devices that rely solely on gamepad input, such as gaming consoles, often use on-screen keyboards and traditional text passwords. Each character has to be entered individually and is more often than not visible for a short period of time, no matter whether other people are present or not. Therefore, alternatives need to be developed and evaluated.

The goal of this lab is to implement two authentication schemes for gamepad-driven devices building on a previously developed framework. As the framework has been implemented in the Unity game engine, experience with the Unity game engine is a plus.

 

2

Peter Mayer

Title: Unified Reporting Front-end for Password Strength Estimation Tools

 

Abstract: Many metrics are used to estimate the strength of passwords against guessing attacks. The traditional choices are entropy or the fraction of cracked credentials in a simulated attack. More elaborate metrics rely on guesswork or hidden Markov chains. The tools to calculate all of these metrics are intended for security professionals. However, in smaller companies there are often no dedicated security specialists. Instead, general technical personnel are responsible for the security of the IT infrastructure. Consequently, professional tools are not used in such contexts.

The goal of this lab is to expand a unified front-end for password cracking tools in order to enable non-professionals to run guessing attacks based on the software and policies used in a company. The results must be formatted and presented in a way that non-professionals can get an understanding of the important aspects. Experience with Java programming is a plus.

 

3

Simon Stockhardt

Title: Development of a rogue Access Point to intercept user data

 

Abstract: Using an unknown WiFi can have privacy-intrusive consequences and also lead to a loss of your personal data. It is a crucial task for users to verify whether their WiFi connection is to be trusted or not. Users' IT security awareness can be improved by creating a teachable moment when connecting to a rogue WiFi.

The goal of this lab is to enhance an existing open source platform based on OpenWRT (rogue access point) with capabilities to deliver adequate landing pages as a teachable moment to people who have entered sensitive information and sent it over an unsecured connection, as well as a reporting interface to display results. Furthermore, to facilitate experiments in the wild, the access point should be able to provide Internet access via a 3G/UMTS USB dongle. Experience with web development and/or Linux networking is a plus.

 

4

Melanie Volkamer

Title: Development of a break reminder tool

 

Abstract: Working in offices can put strain on your back and posture. A break reminder tool which offers (e.g. stretching) exercises can help to mitigate these problems... and while you are having a break, why not learn something about IT security in the process.

The goal of this lab is to develop a tool that reminds office workers to take a break and delivers (besides physical exercises) security awareness lessons. The tool should be cross-platform, allow the user to review the time they have spent on breaks, offer the possibility to configure custom intervals between the breaks and ideally be able to handle the following types of content: text, images, animated PowerPoint presentations and videos.

 

5

Melanie Volkamer

Title: Privacy Friendly Sudoku App

 

Abstract: Many Apps have access to more system resources than they should have, e.g. flash lights that have full internet access on Android. We want to provide alternatives.

The goal of this lab is to develop a privacy friendly Sudoku App (zero permissions) for Android. The App should be able to generate new puzzles of specified difficulty, give hints, and show the solution to the generated puzzles, as well as solve and give hints to sudokus from other sources. Experience with mobile development is a plus.

 

6

Melanie Volkamer

Title: Privacy Friendly PIN Support App

 

Abstract: Many Apps have access to more system resources than they should have, e.g. flash lights that have full internet access on Android. We want to provide alternatives.

The goal of this lab is to develop a privacy friendly App (zero permissions) for Android that gives users hints regarding memorizing their PINs. The respective content exists already and has to be presented in this new format. Experience with mobile development is a plus.

 

7

Melanie Volkamer

Title: Network Traffic Analyzer

 

Abstract: Usually it is not transparent to end users that their laptops are communicating, and even less so with which servers (other than those websites that are actually visited) and at what time. Reasons range from cookies to operating system and software updates.

The goal of this lab is to develop a tool that helps users understand network activity on their device. The tool should be able to display a breakdown of network activity.

 

8

Melanie Volkamer

Title: Network Traffic Analyzer App for Android

 

Abstract: Many Apps have access to more system resources than they should have, e.g. flash lights that have full internet access on Android. We want to provide alternatives.

The goal of this lab is to develop a privacy friendly App (as few permissions as possible) for Android that helps users understand network activity on their device. The App should be able to display a breakdown of network activity. Experience with mobile development is a plus.

 

9

Jurlind Budurushi

Title: Development of a framework to secure the communication between Android/iOS applications and remote (and encrypted) databases

 

Abstract: The goal of this programming lab is to develop a framework that will facilitate and enable programmers of Android and iOS applications to securely connect their applications to a remote and encrypted database. Experience with mobile development is a plus.

 

10

Jurlind Budurushi

Title: Development of a tool to import and export privacy settings in Online Social Networks

 

Abstract: The goal of this programming lab is to develop a tool that will enable users of Online Social Networks, for instance Facebook, to import and export their privacy settings. Hence, a layman should be able to import and set her/his privacy settings by using the privacy settings provided, i.e. exported, by an expert user. Experience with web development is a plus.

 

11

Find someone

Title: Your own suggestion for a topic

 

Abstract: You are welcome to propose your own topic, as long as it falls within our fields of research. Please contact a team member whose field of research is related to your idea before applying. You will have to find a team member who will supervise your suggested topic.

Modalities

  • All meetings, deadlines, what exactly has to be handed in and grades are determined by your supervisor
  • In general, the last possibility to hand in the results is the deadline in the general description
  • After the results have been handed in, they are presented in our Research Seminars

Requirements

  • Experience with the respective programming languages
  • Knowledge in the field of usability and social aspects of technology is a plus
  • Knowledge in the field of IT security is a plus
  • Experience with Git is a plus (usage is expected)
  • Approval to distribute the code under an open source license (if not stated otherwise, we will publish the results on GitHub when development is complete)

Contents

  • Application and improvement of programming skills
  • Experiences in software development
  • Experiences in handling different developer tools
  • Experiences in usability and social aspects of technology
  • Design of security concepts that are practicable, effective and usable for non-professionals
  • Experiences with Git and GitHub
  • Experiences with open source licenses

Learning Goal

The skill to complete a development task professionally meeting prior specifications and adequately presenting the results. The focus arises from the respective topic. Examples are:

  • Development of usable security-relevant software
  • Reading and understanding scientific literature and technical documentation
  • Programming and documenting component-based software
  • Authentication schemes and protocols
  • Tallying and verification of encrypted votes (e-voting)
  • Usable email encryption and signatures

Classification in the Curriculum and Examination Regulations

The lab is aimed primarily at students of Computer Science, Business Informatics, Mathematics, and Electrical Engineering and Information Technology from the 5th semester onward, and is also open to LaG students.
