http://uva.nl/

SNE Master Research Projects 2011 - 2012
2004-
2005 		2005-
2006 		2006-
2007 		2007-
2008 		2008-
2009 		2009-
2010 		2010-
2011 		2011-
2012 		2012-
2013 		2013-
2014 		2014-
2015 		2015-
2016 		2016-
2017 		2017-
2018 		2018-
2019 		2019-
2020 		2020-
2021 		2021-
2022
Contact TimeLine Projects LeftOver Projects Presentations-rp1 Presentations-rp2 Objective Process Tips Project Proposal

Contact

Cees de Laat, room: C.3.152
Course Codes:

Research Project 1 MSNRP1-6 53841REP6Y
Networking Research Project 2 MSN2NRP6 53842NRP6Y
Forensics Research Project 2 MSN2FRP6 53842FRP6Y

TimeLine
RP1:
  • Wednesday Sep 21 2011, 10h15: Introduction to the Research Projects.
  • Nov 24, 2011, 15h00: Detailed discussion on finally chosen subjects for RP1.
  • Monday Jan 9th - Friday Feb 3th 2012: Research Project 1.
  • Friday Jan 13th: (updated) research plan due.
  • Tuesday Jan 17, 16h00: possibility for students to discuss problems/progress in OS3 Lab.
  • Wednesday Feb 8th 2012: Presentations RP1 in B1.23 @ Science.
  • Monday Feb 13th 9h00: RP1 - reports due
 RP2:
  • Wednesday may 9, 2012, 10h00, B1.23 Detailed discussion on finally chosen subjects for RP2.
  • Monday Jun 4th - Friday Jun 29th (or Jul 6th) 2012: Research Project 2.
  • Friday Jun 8th: (updated) research plan due.
  • Thursday Jul 5th 2012: Presentations RP2 in C 0.110 @ Science.
  • July 6th: RP2 - reports due (preferably not much later as holidays interfere).

Projects

Here is a list of student projects. Find here the left over projects this year: LeftOvers.
In a futile lightweight way to prevent spam I replaced "@" by "=>" in the table. Color of cell background:
Currently chosen project. Blocked, not available.
Project plan received. Confidentiality was requested.
Presentation received. Report but no presentation
Report received. Presentation in june.
Completed project.
wordle-s.jpg
# title
summary		 supervisor contact
students 		R
P 		1
/
2
4
N

Traffic anomaly detection using a distributed measurement network.

This research focuses on the relationship between traffic anomalies and the data collected by the RIPE Atlas measurement network. Two distinct vectors of research are used: first, a ground-truth search which looks to see in what degree real-life network events reflect in the RIPE Atlas data, and second, the collected data is analyzed to find the time and location where several probes' measurements in a certain network or geographical area yield abnormal results. The ground-truth events searched are not found with a good degree of confidence in the Atlas data and the possible reasons are detailed in the paper. The data analysis uses control charts to map the deviations from the mean of each probe. Two methods for aggregating the results in a certain area are then proposed. 		Emile Aben <emile.aben=>ripe.net>
Razvan Oprea <Razvan.Oprea=>os3.nl> 		R
P 		1
6
N

Advanced Metering Infrastructure.

An advanced metering infrastructure (AMI) is a system of networked devices, e.g. smart (electrical) meters, and forms the basis of a so-called Smart Grid. With a Smart Grid it is possible, e.g. to match energy consumption to green energy production by, e.g., (externally) managing domestic devices, provide personalized services to consumers and even allow consumers to become suppliers of energy. For this to work requires real-time, up-to a minute, bi-directional communication between the networked devices and a robust and scalable communication network.

This project consists of a literature study and designing a advanced metering infrastructure. The aim of the literature study is to explore the available smart metering technologies and to determine which of these technologies allow to build a robust, scalable and future proof Smart Grid. This is then followed by developing an architectural network design of a Smart Grid for the chosen technologies. Implementing the AMI design in a toy Monte Carlo simulation is also a possibility. 		Jan Amoraal <amoraal.jan=>kpmg.nl>
Vic Ding <vic.ding=>os3.nl> 		R
P 		2
8
SN

Content Delivery Network Interconnection

Research on interconnect of two CDNs (Content Delivery Networks) at TNO. The interconnection should feature at least pull-based content distribution from the Upstream CDN to the Downstream CDN, and the inter-CDN request routing to get a video file delivered from the Downstream CDN to a video client. Architecture study of CDN's.

In order for two different Content Delivery Networks to be able to connect to each other and exchange content, information about the properties of those CDNs need to be exchanged between the CDNs. Within the IETF there is currently development taking place on defining standards on what information needs to be exchanged as well as how this information needs to be exchanged. These developments focus on standards in[2]:
  • Exchange of metadata between CDNs,
  • Exchange of transaction logs & monitoring information,
  • Exchange of request-routing information,
  • Exchange of policies & capabilities, and
  • Content management/flushing
http://tools.ietf.org/html/draft-watson-cdni-use-cases-00 		Ray van Brandenburg <ray.vanbrandenburg=>tno.nl>
Bastiaan Wissingh <Bastiaan.Wissingh=>os3.nl> 		R
P 		2
9
SN

Automatic end-host configuration.

In most networks there is a DHCP server running to manage the address-pool. Using DNS and registration it is possible to dynamically use services.
In circuit-based networks this is different. Usually a circuit spanning the globe is formed between two or more nodes that need to transport a dataset, movie-files, or perform calculations together. These nodes work together for a short period of time, and then the circuit is torn down. These networks are separated from the Internet, so there is no DHCP server, or DNS.
Many gadgets already support dynamic discovery in any kind of network and service discovery is also possible in printers, or applications such as iTunes. This research project is about examining options to do address management and service discovery for end hosts in a cross-platform way. A starting point could be http://staff.science.uva.nl/~fdijkstr/publications/Link_Local_Addressing.pdf 		Jeroen van der Ham <vdham=>uva.nl>
Sebastian Dabkiewicz <sebastian.dabkiewicz=>os3.nl> 		R
P 		1
13
S

Distributed Password Cracking Platform.

Cracking of password hashes has many reasons. During IT audits we crack to test the effectiveness of a password policy, and during security tests we crack to further penetrate into a network. KPMG IT Advisory performs both assignments continuously and password cracking is a day-to-day activity. In order to fulfill the demands of our team to crack passwords we have a setup that consists of a CPU cluster and a GPU box. The cluster consists of ~70 CPU?s (john-MPI) with an easy to use interface for the pentesters to upload the hashes and get the results. The GPU box (5 GPU cards, many different tools) is used for specific cracks when GPU power is faster. This setup was created about 18 months ago, and has served us good in that time.

However, we see opportunities that we are not using. The current setup can be further optimized, but also we would like to further integrate the GPU power into the cluster. We would like students to research how we can further extend the current setup. Key components in this research are:
  • Cracking strategy: research cracking strategies that combine CPU and GPU cracking, dictionary, brute force and rainbow table cracking for a fixed set of hash types (to be defined)
  • Extending cracking functionality: research ways of extending the current john-mpi cluster with nodes and tools for GPU and rainbow table cracking
  • Integration of the two: research ways of integrating the researched cracking strategy into the newly extended cluster, in such a way that the cluster chooses the best strategy for the current load of the cluster and on the amount and type of uploaded hashes.
The research is an example of combining skills of system and network engineers and with the skills of security testers.

Research at KPMG IT Advisory can be challenging. We strive for the best results and therefore invest a considerable amount of time in you, to help you achieve the best. But to succeed together we require fully determined students that would like to go the extra mile.

The RP topics as stated on the website are fixed but we are open to changes in the exact research approach if the student prefers. We encouraged students to come up with own ideas and approaches. During the short intake interview your are invited to bring your ideas and approaches to the table. We use the intake to select the students who will get the opportunity to perform their research project at KPMG. 		Marc Smeets <smeets.marc=>kpmg.nl>
Dimitar Pavlov <dimitar.pavlov=>os3.nl>
Gerrie Veerman <Gerrie.Veerman=>os3.nl> 		R
P 		1
14
S

Integrating DMA attacks in exploitation frameworks.

It has been several years since the first research and tooling on firewire attacks; exploiting the use of direct memory access to read and write memory on desktops and laptops. The vulnerability is still there and several new technologies have come around that - in theory - may be prone to the same type of attack. We want students to further research this. Steps in the research can include:

1 Research the possibilities of this attacks on new techniques, e.g. Thunderbolt, HDMI, eSATA. Take into account that having DMA access in theory allows for the attack to happen. But there may be several practical issues that prevent the attack from happening (OS security measures, master-slave election in the bus unable to bypass, secure signing of devices connecting, etc).

2 Research the extend of the attack. The most common 'exploit' has been bypassing the logon screen and searching the memory for keys/passwords. But what kind of other attacks can you think of?

3 Create a Proof of Concept in one of the following ways:
  • Design/create a software component that can be used for such attacks. The proof of concept should be modular to allow different I/O techniques to be included, and preferably should be integrated in the Metasploit framework.
  • Design/create an 'Evil Docking Station', a docking station that - whilst looking normal - can attack an attached laptop via these.
Research at KPMG IT Advisory can be challenging. We strive for the best results and therefore invest a considerable amount of time in you, to help you achieve the best. But to succeed together we require fully determined students that would like to go the extra mile.

The RP topics as stated on the website are fixed but we are open to changes in the exact research approach if the student prefers. We encouraged students to come up with own ideas and approaches. During the short intake interview your are invited to bring your ideas and approaches to the table. We use the intake to select the students who will get the opportunity to perform their research project at KPMG. 		Marc Smeets <smeets.marc=>kpmg.nl>
Rory Breuk <rory.breuk=>os3.nl>
Albert Spruyt <Albert.Spruyt=>os3.nl> 		R
P 		1
18
N

Performance Analysis of OpenFlow Hardware.

OpenFlow is a new network technology. it was developed at Stanford University, but is now gaining support from companies like Cisco, Juniper, Microsoft, Google and Facebook. OpenFlow is a form of software defined networking where forwarding tables are programmed into switches by applications. In this project you will define which OpenFlow feature(s) you want to investigate. This can be done on a simulator and/or with real OpenFlow hardware. Prerequisites are basic knowlegde of Ethernet (forwarding tables, flooding, VLANs, spanning tree) and some programming experience in Python or C++.

Research Question here is: look at the fundamentals, performance, security, features that may be attractive.

For more information see www.openflow.org and www.opennetworking.org. 		Ronald van der Pol <rvdp=>sara.nl>
Michiel Appelman <michiel.appelman=>os3.nl>
Maikel de Boer <maikel.deboer=>os3.nl> 		R
P 		1
19
F

Electromagnetic Fault Injection (EMFI) on System-on-a-Chips (SoC) / Smartcards.

Fault injection techniques actively manipulate a side channel on a chip by applying short laser, voltage or clock cycle pulses. All of them are commonly used by Riscure to attack secure SoCs or smartcards. However, EMFI could be an interesting, unexplored and currently unused alternative.

All hardware required for this project will be provided by Riscure. However, the student will be asked to fine tune the provided hardware and relevant parameters. Possible parameters are:
  • Size of the coil used in the EM probe
  • Placement of the EM probe on the surface of the chip (front / back)
  • Distance of the EM probe to the surface of the chip
  • Power applied to to the EM probe
  • Decapsulated chip versus encapsulated chip
Questions that could be answered by the research:
  • Is EMFI feasible on embedded systems / smartcards?
  • What parts of the SoC are influenced with EMFI? (CPU/RAM/ROM/FLASH)
  • What are the advantages of EMFI compared to other fault injection techniques on SoCs / smartcards?
  • What are the disadvantages of EMFI compared to other fault injection techniques on SoCs / smartcards?
  • What is the most efficient configuration of the used EM probe?
  • What are the limitations of the used EM probe?
Useful information:
 Niek Timmers <niek=>riscure.com>
Sebastian Carlier <sebastian.carlier=>os3.nl> 		R
P 		2
20
S

l/O Load Scheduler for Grid Mass Storage.

l/O Load Scheduling on a high performance mass storage system.
Investigating an l/O load problem and implementing a possible solution.

Short description:
SARA manages a high performance data storage system used, among other things, to store data from the LHC (particle accelerator in Switzerland). This system is comprised of a disk front end and a tape back end. Data is copied from a remote host to the disc cache and then stored on tape. Reading in data sets from tape to the disc cache and then transporting it back to a remote host also occurs. This process is referred to as data staging.
A performance characteristic appears to be that it is either possible to read quickly from- or write quickly to the disc. Doing both simultaneously results in a much lower performance than 50%. A possible solution for this problem is the implementation of a scheduling mechanism in the staging process.
The assignment is to investigate techniques for improving performance of the over-all process and developing a (prototype) solution for this problem.

The assignment involves:
  • Conducting research into the improvement of the staging process
  • Suggesting possible solutions
  • Implementing and documenting a prototype solution
  • Giving a final report
 Walter de Jong <walter=>sara.nl>
Christos Tziortzios <Christos.Tziortzios=>os3.nl> 		R
P 		1
21
SN

Bootstrapping the Internet of the Future.

The design of the Internet did not account for network evolution. But since its existence, the Internet needed amendments to address problems or new protocols for new uses. The explosive increase of network devices and their increasing mobility currently threatens the stability of the Internet. Solutions to these problems, larger address space and keeping track of address locations, require changes to the network layer protocol.

We developed an approach to simplify the development and deployment of network layer protocols. Our solution encapsulates the network layer protocol by a virtual machine: the NetApp. In this thesis work, we will develop a few NetApps, IPv6 and OpenFlow, that can grow with demand. We will show that NetApps can be deployed on many Clouds, and that automatically the needed arrangements are made, e.g. creating a VPN, configuring IP addresses. The student will show that IPv6 deployment, or any other network layer protocol for that matter, becomes a trivial task with NetApps. 		Rudolf Strijkers <rudolf=>strijkers.eu>
Mohammad Shafahi <mohammad.shafahi=>os3.nl> 		R
P 		1
22
N

Resilient OpenDNSSEC.

In the OpenDNSSEC project, the Enforcer is the component performing automatic DNSSEC key roll-overs. Rolling keys can be done in many ways. The upcoming Enforcer will be able to roll to a new key in most of those ways, independent of the state and amount of current keys. It makes sure no validator could see its zone as bogus or insecure. In order to do these any-to-any roll-overs we described the validity of a zone in a formal way. We don't expect our users to grasp the mathematical definition, but they want to know what will happen in the future.

We would like to have a program that, given a configuration file, outputs a textual or graphical time line showing which resource records are published in what order, and when. The challenge is not limited to programming -contrary to the users- you will have to grasp our formal definition (and DNSSEC). 		Yuri Schaeffer <yuri=>nlnetlabs.nl>
Alex Kasabov <aleksandar.kasabov=>os3.nl> 		R
P 		2
23
F

Camera Identification on YouTube.

Identifying cameras used in YouTube videos by matching noise patterns.

Netherlands Forensics Institute. 		Marcel Worring <m.worring=>uva.nl>
Zeno Geradts <zeno=>holmes.nl>
Yannick Scheelen <Yannick.Scheelen=>os3.nl>
Jop van der Lelie <jop.vanderlelie=>os3.nl> 		R
P 		1
24
F

Ranking of manipulated images in a large set using error level analysis.

One form of image manipulation is particularly interesting to the NFI and is called the copy & move [8] technique. The copy & move technique applies to adding or removing objects to or from an image. The error level analysis (ELA) [5] image manipulation detection technique is particularly effective in detecting this kind of forgery. ELA makes use of some of the properties of lossy image formats [4] to detect differences in quality levels between the original image and potentially modified parts within that image.
The research focuses on determining whether the ELA technique can be used to, automatically, rank images in a large dataset based upon the likelihood of manipulations being present. By ranking a set of images, the dataset could potentially be reduced and in turn reduce the total amount of work needed to process the images.. 		Marcel Worring <m.worring=>uva.nl>
Jeffrey Bosma <Jeffrey.Bosma=>os3.nl>
Daan Wagenaar <daan.wagenaar=>os3.nl> 		R
P 		1
25
N

OpenFlow.

OpenFlow is a new network technology. it was developed at Stanford University, but is now gaining support from companies like Cisco, Juniper, Microsoft, Google and Facebook. OpenFlow is a form of software defined networking where forwarding tables are programmed into switches by applications. In this project you will define which OpenFlow feature(s) you want to investigate. This can be done on a simulator and/or with real OpenFlow hardware. Prerequisites are basic knowlegde of Ethernet (forwarding tables, flooding, VLANs, spanning tree) and some programming experience in Python or C++.

Research Question: implement spanning tree alike protocol in a network of switches.

For more information see www.openflow.org and www.opennetworking.org. 		Ronald van der Pol <rvdp=>sara.nl>
Iwan Hoogendoorn <Iwan.Hoogendoorn=>os3.nl>
Joris Soeurt <joris.soeurt=>os3.nl> 		R
P 		1
26
FS

Visualizing attacks on honeypots.

The National Cyber Security Centre (NCSC) constantly monitors the internet for threats. To monitor and follow the trends on malware infections it has deployed various honeypots in unused IP space. To gather all this data in a central database they are using SURFcert IDS, an open-source Distributed Intrusion Detection System based on passive sensors. The sensors are placed in each network that needs to be monitored and sends all data back to the logging server. The sensor is running honeypot software, such as Nepenthes, which can simulate multiple known Windows vulnerabilities. Whenever an attacker triggers the honeypot it will log all details of the attack and the attacker.

All the data is stored in a database which is accessible through a simple web-interface available at the logging server. Although the server offers some kind of reporting functionality it is not possible to easily browse the data and analyse it. Especially when a large number of sensors is used as is the case with NCSC.

The project goal is to create an interactive visualization that will help network security analysts to see patterns and trends while analyzing these alerts and helps identify risks.

Note: This item hit the news in July 2012:

Rory Breuk and Jop van der Lelie who are doing the Forensics Track in the Master System and Network Engineering have created a visual analytics tools for analyzing the results of a honeypot attracting SSH attacks. They did their work at the National Cyber Security Center and with UvA guidance by Marcel Worring. Their work has been featured in:

http://webwereld.nl/nieuws/111138
https://tweakers.net/nieuws/83093
http://www.automatiseringgids.nl/nieuws/2012/28/het-opvallendste-nieuws-volgens-marcel-sommeling
Bart Roos (GOVCERT.NL) <bart.roos=>govcert.nl>
Jop van der Lelie <jop.vanderlelie=>os3.nl>
Rory Breuk <Rory.Breuk=>os3.nl> 		R
P 		2
29
N

DNS-Based Authentication of Named Entries (DANE).

The DNS-Based Authentication of Named Entries (DANE) extension for the Domain Naming System (DNS) is currently being drafted by the IETF. This allows for inserting Secure Sockets Layer (SSL) and Transport Layer Security (TLS) certificates [1] (or their fingerprints or public key) into DNS using so-called TLSA resource records. By using the existing DNS Security Extentions (DNSSEC) chain, this data can be proven to come only from the administrator of the DNS zone [2]. Thereby validating the certificate.

This project aims to identify the amount of current certificates that could experience problems, and how these could be prevented or mitigated, when deploying DANE.

The Electronic Frontier Foundation (EFF) has a collection of all certificates and certificate chains found on the Internet. A subset of these will be used to create TLSA records with different options set, these will then be validated. Another item that could be researched is the implementation of the current specification (version 12) in DNS authoritative and recursive servers and how they handle certain situations, e.g. CNAME records (aliases) and multiple of the same TLSA records. 		Bert Hubert <bert.hubert=>netherlabs.nl>
Pieter Lexis <pieter.lexis=>os3.nl> 		R
P 		1
30
SN

Securing an outsourced network: Detecting and preventing malware infections.

With the rise of outsourced IT service management, client security is increasingly difficult to manage for IT security departments. Outsourced IT may comply to internal security standards, but often there is a mismatch between the security standards of the service provider and the client. IT requirements may change quickly due to technical and business evolution, but service level agreements and other contracts remain static over time. This situation may result in a situation where clients run old and insecure configurations.
Another upcoming trend with bigger security management challenges is the 'bring your own device' concept. User's may bring and use their own device to connect to the business IT network and use it for work purposes. In these cases, the user is responsible of maintaining the device and manage its security. In both cases, there is a high risk of getting infected with malware. These infections can be caused by various causes such as drive-by downloads and rogue applications that are installed by users.

Can these malware infections be detected and prevented from within the infrastructure of the business that has outsourced their IT or that allows 'bring your own device'? 		Ewout Meij <ewout.meij=>external.t-mobile.nl>
Dennis Cortjens <dennis.cortjens=>os3.nl>
Tarik El Yassem <Tarik.ElYassem=>os3.nl> 		R
P 		1
35
F

Definition of business rules and BRMS specification for Hansken.

The seized material in a typical case consists of several PCs, mobile (smart)phones and digital cameras. Bit-for-bit copies of the data stored in the material are put in XIRAF. We currently lack a set of bit-for-bit copies that we can use for demo and training. We ask the student(s) to:
  1. Describe a (criminal) scenario that leaves a lot of digital traces in multiple systems (e.g. timestamps, geo-locations, interaction);
  2. Think of ways to hide some of the traces and apply those to the scenario;
  3. To make the material realistic, they have to contain a lot of traces that have nothing to do with the scenario.
  4. Execute the scenario, keeping a detailed log;
  5. Deliver the bit-for-bit copies of all systems used in the scenario.
 Zeno Geradts (DT) <zeno=>holmes.nl>
Thomas Schermer Voest <schermer.thomas=>student.uva.nl> 		R
P 		2
40
SN

Green computing in IEEE 802.3az enabled clusters

Energy efficiency is an important requirement for computing and communication systems. In order to construct a green computing system, we have to understand the energy consumption behavior of both the low level infrastructure and the application models. The Energy-Efficient Ethernet [1] enhancements have led to the IEEE 802.3az [2] standard which has now been adopted by several network/Telcom device vendors. However, how to achieve the system level energy saving by using the 802.3az is still a challenging issue. In this project, we will focus on the following two questions:
  1. How does 802.3az standard affect the energy consumption in Ethernet?
  2. How to schedule the application execution with awareness of 802.3az?
The test bed will be a test cluster connected using a S1700 switch [3] from Huawei. The student(s) should 1) measure the energy consumption of the switch as well as the whole system using different patterns of communication loads, 2) compare the energy behavior of the communication loads between 802.3az compliant and normal switches, and 3) discover how to integrate the 802.3az features in a more general green scheduling strategy for computing.
  1. Energy Efficiency Ethernet: http://en.wikipedia.org/wiki/Energy-Efficient_Ethernet
  2. IEEE 802.3az: http://www.ieee802.org/3/az/index.html
  3. Device: http://market.huawei.com/hwgg/enterprise/u-channel/pdf/S1700.pdf
Zhiming Zhao <z.zhao=>uva.nl>
Paola Grosso <p.grosso=>uva.nl>
Joris Soeurt <joris.soeurt=>os3.nl>
Dimitar Pavlov <dimitar.pavlov=>os3.nl> 		R
P 		2
41
SN

Torrent monitoring & statistics.

During the Easter weekend some SNE researchers performed measurements on Bittorrent traffic, specifically to find out whether the blockage of The Pirate Bay had any effect on specific ISPs. The result was a quick report to show that there was no significant effect. See:
http://www.delaat.net/news/2012-04-13/dutchpirate.pdf

We would like to continue improving these measurements and the statistics calculation. We would also like to try figure out a way to perform measurements without uploading and downloading.
  • Would it be possible to create a sort of live view?
  • What other things should we look at when considering network transparency in the Netherlands?
  • What tools are needed to monitor that?
 Jeroen van der Ham <vdham=>uva.nl>
Hidde van der Heide <hidde.vanderheide=>os3.nl> 		R
P 		2
46
N

Multipath TCP.

Multipathing can be done on L3 with Equal Cost Multipathing (ECMP) or on L2 with TRILL or SPB. In these cases multipathing is usually done based on flows by calculating a hash (including e.g. Ethernet addresses, IP addresses and TCP/UDP port numbers) of the packets. Flows with the same source and distination follow the same path.
This works well when the traffic has many different flows. However, in large data e-science applications there are typically only a few flows and hashing does not spread the load evenly along the interfaces in those cases. In this project two alternative technologies will be investigated: multipath TCP (MPTCP) and GridFTP. MPTCP works for all applications by spreading the application byte stream over multiple interfaces. GridFTP is an application that can use multiple interfaces to FTP an file from A to B. Students will evaluate and compare the performance of both technologies (separate and in combination) in a local 10GE testbed (and possibly 40GE local and 10GE wide area testbed). 		Ronald van der Pol <rvdp=>sara.nl>
Gerrie Veerman <gerrie.veerman=>os3.nl> 		R
P 		2
47
N

Time Sensitive Application Transport.

Time-sensitive data transport, such as that required by e-medicine or real-time video streaming, is dependent on minimal jitter and delays. There is an ongoing discussion in the NREN community as to which base technology, TDM or packet, is best suited for time-sensitive datatransfer. In addition, all NSI demonstration networks have been stumbling over Ethernet limitations in respect of switching and scaling. The community, therefore, needs to look at better technologies such as OTN, PBB and MPLS-TP for these services. Some of the typical transport vendors, such as Ciena, Alcatel-Lucent, Nokia Siemens and Huawei, are beginning to offer such services, and the main commercial service suppliers are also adopting this path.
This sub-task will study which technology is best suited to handling time-sensitive data transport in various conditions, e.g. normal operation, during link failure and during high load conditions. 		Cees de Laat <delaat=>uva.nl>
Erik-Jan Bos <Erik-Jan.Bos=>UvA.nl>
Mohammad Shafahi <mohammad.shafahi=>os3.nl> 		R
P 		2
53
N

Secure Internet Banking on Insecure Hosts.

(combination of ABN Amro and Deloitte)
When you want to use the Online Banking application of ABN Amro over the internet using an unknown or Internet caf� computer you will never know how safe and secure the computer and network is. Customers are interested in solutions that will allow them to perform Online Banking safely in a hostile environment. Technologies and concepts such as sandboxing could be an option to improve security, but are not always considered user friendly or secure.

For this research ABN AMRO and Deloitte are interested in user friendly online solution for insecure environments that allow secure online banking. For example, how can we make sure that users can perform secure online banking while using insecure systems and networks. Investigating a scheme that would still use an one-time application, but perform the transactions directly through a possibly insecure host. 		Sander Vos
<Sander.Vos=>nl.abnamro.com>
Martijn Knuiman <MKnuiman=>deloitte.nl>
Christos Tziortzios <Tziortzios =>os3.nl> 		R
P 		2
57
N

Discovering Path MTU black holes on the Internet using RIPE Atlas.

With World IPv6 Launch on June 6th this year, we (the network community) consider the IPv6 protocol as mature and stable as IPv4 that served us well the past 20+ years. Unfortunately, transition from IPv4 to IPv6 is not as effortless as hoped for, and many smaller and larger glitches are making a painless IPv6 deployment difficult.

The RIPE Atlas infrastructure offers a huge monitoring infrastructure of about 1500 probes, see http://atlas.ripe.net/. With these probes simple measurements can be instrumented to monitor the network from many vantage points. Recently, user defined experiments can also be executed on the Atlas infrastructure. In the project, student can design and analyse a number of Atlas experiments to study IPv6 reachability and problems (the annoyances), for example MTU problems and IPv6 fragments.
http://www.nlnetlabs.nl/ 		Benno Overeinder <benno=>nlnetlabs.nl>
Maikel Boer <maikel.deboer=>os3.nl>
Jeffrey Bosma <jeffrey.bosma=>os3.nl> 		R
P 		2
60
N

Social media crawling.

In the last few years, much attention has been given to the public exposure of individuals via social networks. This has lead to some awareness with end users, who have started to limit the exposure of their personal information to the (public) world wide web. However, the social networks still contain a wealth of information for third parties. A previous OS3 research project (http://cees.delaat.net/rp/2010-2011/p13/report.pdf) about this subject proved that it is possible to plot the mappings between users of different social networks, and together reveal more info. It also proofed that public data on social networks can be crawled on a large scale. But within the topic of social networks there still is a lot more to research.

In this project the candidate(s) should focus on further harvesting of data from social networks via publicly available sources. One of the possibilities to do this is by the creation of zombie profiles, which are fake profiles created for the purpose of information crawling. By automating the creation of these profiles and becoming part of a friend-circle, a lot of personal information can be crawled. Another approach would be to improve the profile matching algorithm of the data crawlers created in the previous research. The exact approach will be defined in the in the first week of the project.

Research at KPMG IT Advisory can be challenging. We strive for the best results and therefore invest a considerable amount of time in you, to help you achieve the best. But to succeed together we require fully determined students that would like to go the extra mile.

The RP topics as stated on the website are fixed but we are open to changes in the exact research approach if the student prefers. We encouraged students to come up with own ideas and approaches. During the short intake interview your are invited to bring your ideas and approaches to the table. We use the intake to select the students who will get the opportunity to perform their research project at KPMG. 		Marc Smeets <smeets.marc=>kpmg.nl>
Yannick Scheelen <yannick.scheelen=>os3.nl>
Daan Wagenaar <daan.wagenaar=>os3.nl> 		R
P 		2
61
FSN

Fault injection model for the XMEGA64A3.

Glitching attacks can accomplish things that logically cannot be achieved while attacking embedded systems. At the same time is it a pre-requisite for many attacks to gain access to the code or obtain runtime control before other attacks (such as side channel analysis) can be applied.
Most common microcontrollers these days include features designed to protect the internal code from extraction, which prevent access to the code for further analysis. It is expected that through glitching these features can be circumvented. An example of such a microcontroller is the MSP430, where the code can be accessed via the JTAG or BSL interface, which both can be protected or disabled. The projects focus will be on documenting exactly what the effects of voltage glitching are on the chip. If there is time available, bypassing the BSL will be attempted.

The goal of this project is to:
  • create a voltage glitching setup aimed to bypass the code protection features of the MSP430
    • the hardware setup will be provided by Riscure
    • the "test application" will be mainly developed by the student
  • influence of different types of voltage glitches on the code protection features, such as:
    • spikes to low voltage
    • spikes to high voltage
    • long duration threshold voltage dips
  • gain better understanding on how and when to apply different glitch techniques
  • succesfully bypassing the BSL protection of the MSP430
The following deliverables are requested from the student:
  • A clear and consise scope of the project
  • A clear description of performed tests and their results
  • Recommendations for future testing
Reference:
http://events.ccc.de/congress/2008/Fahrplan/attachments/1191_goodspeed_25c3_bslc.pdf 		Niek Timmers <Timmers=>riscure.com>
Albert Spruyt <Albert.Spruyt=>os3.nl> 		R
P 		2

Presentations-rp1

Wednesday feb 8th in room B1.23 at Science Park 904 NL-1098XH Amsterdam.
Time
  #RP Title Name(s) RP
09h30
Welcome, introduction. Cees de Laat
09h35 25 Iwan Hoogendoorn, Joris Soeurt OpenFlow. 1
10h00 18 Michiel Appelman, Maikel de Boer Performance Analysis of OpenFlow Hardware. 1
10h25 27 Fred Wieringa IPV6 risks and vulnerabilities. 1
10h45 6 Vic Ding Advanced Metering Infrastructure. 2
11h05
Pauze

11h15 19 Sebastian Carlier Electromagnetic Fault Injection (EMFI) on System-on-a-Chips (SoC) / Smartcards. 2
11h55 20 Christos Tziortzios l/O Load Scheduler for Grid Mass Storage. 1
12h15 29 Pieter Lexis DNS-Based Authentication of Named Entries (DANE). 1
12h35
Lunch

13h30 9 Sebastian Dabkiewicz Automatic end-host configuration. 1
13h50 4 Razvan Oprea Traffic anomaly detection using a distributed measurement network. 1
14h10 23 Yannick Scheelen, Jop van der Lelie Camera Identification on YouTube. 1
14h35 24 Jeffrey Bosma, Daan Wagenaar Ranking of manipulated images in a large set using error level analysis. 1
15h00
Pauze

15h15 14 Rory Breuk, Albert Spruyt Integrating DMA attacks in exploitation frameworks. 1
15h40 13 Dimitar Pavlov, Gerrie Veerman Distributed Password Cracking Platform. 1
16h05 30 Dennis Cortjens, Tarik El Yassem Securing an outsourced network: Detecting and preventing malware infections. 1
16h30
Evaluation. Cees de Laat & OS3 team
16h35
End

Presentations-rp2

Thursday July 5 th, 2012, room C 0.110 at Science Park 904, NL-1098 XH Amsterdam.
Time
 #RP
 Title
 Name(s)
 RP
09h30
Welcome, introduction. Cees de Laat
09h35 53 Secure Internet Banking on Insecure Hosts. Christos Tziortzios 2
09h55 54 Secure embedding of external content. Alexandre Miguel Ferreira 2
10h15 35 Definition of business rules and BRMS specification for Hansken. Thomas Schermer Voest 2
10h35 61 Fault injection model for the XMEGA64A3. Albert Spruyt 2
10h55
Pauze

11h10 26 Visualizing attacks on honeypots. Jop van der Lelie, Rory Breuk 2
11h40 40 Green computing in IEEE 802.3az enabled clusters. Joris Soeurt, Dimitar Pavlov 2
12h10 57 Discovering Path MTU black holes using RIPE Atlas. Maikel Boer, Jeffrey Bosma 2
12h40
Lunch

13h30 22 OpenDNSSEC. Alex Kasabov 2
13h50 41 Torrent monitoring & statistics. Hidde van der Heide 2
14h10 60 Social media crawling. Yannick Scheelen, Daan Wagenaar 2
14h40 46 Multipath TCP. Gerrie Veerman 2
15h00
Pauze and move to B1.23

15h30 47 Time Sensitive Application Transport. Mohammad Shafahi 2
15h50 50 Load balancing in ESB based service platform. Nick Barendregt 2
16h10 8 Content Delivery Network Interconnection. Bastiaan Wissingh 2
16h30
Closing. Cees de Laat & OS3 team
16h45
Borrel in SNE lab.