http://uva.nl/

SNE Master Research Projects 2018 - 2019
2004-
2005 		2005-
2006 		2006-
2007 		2007-
2008 		2008-
2009 		2009-
2010 		2010-
2011 		2011-
2012 		2012-
2013 		2013-
2014 		2014-
2015 		2015-
2016 		2016-
2017 		2017-
2018 		2018-
2019 		2019-
2020 		2020-
2021 		2021-
2022
Contact TimeLine Projects LeftOver Projects Presentations-rp1 Presentations-rp2 Objective Process Tips Project Proposal

Contact

Cees de Laat, room: C.3.152
And the OS3 staff.
Course Codes:
Research Project 1 53841REP6Y
Research Project 2 53842REP6Y

TimeLine

RP1 (January):
  • Wednesday Nov 01, 2018, 10h15-13h00: Introduction to the Research Projects.
  • Wednesday Dec 05, 2018, 10h15-13h00: Detailed discussion on selections for RP1.
  • Monday Jan 7th - Friday Feb 1th 2019: Research Project 1.
  • Friday Jan 11th: (updated) research plan due.
  • Monday Jan 21, 2019, 16h00, progress meeting (not mandatory).
  • Monday Feb 4, 2019 15h00-17h00: Presentations RP1 in B1.23 at SP 904.
  • Tuesday Feb 5, 2019 10h00 - 17h00: Presentations RP1 in B1.23 at SP 904.
  • Sunday Feb 10, 24h00: RP1 - reports due
 RP2 (June):
  • Wednesday May 22, 2019, 14h00-16h00, B1.23 Detailed discussion on chosen subjects for RP2.
  • Monday Jun 3th - Friday Jun 28, 2019: Research Project 2.
  • Friday Jun 7th: (updated) research plan due.
  • Monday Jun 17: come back day 16h00.
  • Thursday Jul 4 2019, 10h00-17h00: presentations in H0.008 @ SP904.
(as backup presentation day we have:
Wednesday Jul 3 2019, 12h00-17h00: presentations in Turing zaal @ CWI.)

Projects

Here is a list of student projects. Find here the left over projects of this year: LeftOvers.
In a futile attempt to prevent spam "@" is replaced by "=>" in the table.
Color of cell background:
Project available Presentation received. Confidentiality was requested.
Currently chosen project. Report received. Blocked, not available.
Project plan received. Completed project. Report but no presentation
Outside normal rp timeframe project will be done in next block
wordle-s.png


title
summary		 supervisor contact
students 		R
P 		1
/
2
1

End-to-end automated email component testing.

Handling electronic mail in the modern age involves many different software components, as well as significant configuration skills and regular maintenance. This creates a large surface for human error. What is currently missing is an end-to-end automated email component test that system administrators running email systems can use to see if all the components in their actual setup are fully functional. The research question is defined as:
  • To what extent can we prove an e-mail server is properly setup via end-to-end component testing?
In order to answer the main research question, the following sub-questions are defined:
  • What are relevant e-mail server components?
  • Which features are missing in the current mail testing websites, that are required in an end-to-end system?
  • What tests can we run on those missing components.
Code can be found on: https://gitlab.os3.nl/Networking/pogo
 Michiel Leenaars <michiel=>nlnet.nl>
Isaac Klop <Isaac.Klop=>os3.nl>
Kevin Csuka <kevin.csuka=>os3.nl>
 R
P 		2
12

Technical feasibility of Segment Routing Traffic Engineering to steer traffic through VNFs.

Steering traffic to NVFs (Network Virtual Functions) in a network allows to deliver tailored services to end users, such as fire-walling and traffic inspection, as well as load balancing. In this project we look at the suitability of using segment routing to deliver the traffic to the NVFs. The project is carried out at SURFnet and it will use virtual and physical testbed for the validation of the concept.
 Marijke Kaat <marijke.kaat=>surfnet.nl>
Eyle Brinkhuis <eyle.brinkhuis=>surfnet.nl>
Ronald van der Gaag <rgaag=>os3.nl>
Mike Slotboom <mslotboom=>os3.nl>
 R
P 		1
20

Network Peering Dashboard for SURFnet.

SURFnet is the National Research and Education network and we among other services provide internet connectivity to research and higher education in the Netherlands. To do this in the best way we can we need tooling that enables us to get a good oversight of our external connectivity and all our peers.

The student we are looking for would help us implement and build a peering dashboard and have this dashboard interact with external information sources (such as http://peeringdb.com), our ticketing tool and our automation environment.

Research questions include what information should be presented in this tool that helps SURFnet provide the best external connectivity. Is there a way to propose peers available at the IXs SURFnet connects to that aren't peering yet. How to have an as redundant as possible setup, can a tool propose additional peers for the best redundancy. 		Jac Kloots <jac.kloots=>surfnet.nl>
Marijke Kaat <marijke.kaat=>surfnet.nl>
David Garay; <david.garay=>os3.nl> 		R
P 		1
22

Next Generation Wi-Fi: IEEE 802.11ax 1024-QAM and DL OFDMA.

Summary:
The next generation of Wi-Fi is the IEEE 802.11ax standard, also known as Wi-Fi 6. Key features introduced in order to achieve an increase in throughput and efficiency are OFDMA (Orthogonal Frequency-Division Multiple Access), MU-MIMO (Multi-User Multiple-Input and Multiple-Output), and higher modulation schemes such as 1024-QAM (Quadrature Amplitude Modulation).

This project aims to build a framework to test the physical layer of the IEEE 802.11ax standard. The first step is to build the test setup shown in the picture below and subsequently automate the tests using MATLAB. The setup will be built in the Faraday room in Schiphol-Rijk.

This research subject is not only building the setup, but also performing the measurements in order to address the following research questions regarding the key features introduced with IEEE 802.11ax:
·        What is the benefit of introducing 1024QAM modulation compared to 256QAM in terms of throughput?
·        What is the impact of introducing OFDMA by increasing the number of clients compared to the theoretical performance simulations (for example the MATLAB 802.11ax downlink OFDMA throughput simulation)?

We have 802.11ax reference boards for multiple vendors, the required MATLAB licenses, a spectrum analyser capable of capturing 160MHz, as well as a RF shielded room available in Schiphol-Rijk.
 Jan-Willem van Bloem <jvanbloem=>libertyglobal.com>
Arjan van der Vegt <avdvegt=>libertyglobal.com>
Daan Weller <Daan.Weller=>os3.nl>
Raoul Dijksman <Raoul.Dijksman=)os3.nl>
 R
P 		1
24

Investigation of security on Chinese smartwatches.

Smartwatches are an unknown area in information risk. They are an additional display for certain sensitive data (i.e. executive mail, calendars and other notifications), but are not necessarily covered by organizations' existing mobile security products. In addition, it is often much easier to steal a watch than it is to steal a phone. What is the data that gets 'left behind' on smartwatches in case of theft, and what information risks do they pose? 		Alex Stavroulakis <Stavroulakis.Alex=>kpmg.nl>
Kasper van Brakel <kbrakel=>os3.nl>
R Witsenburg <renee.witsenburg=>os3.nl> 		R
P 		1
25

WhatsApp End-to-End Encryption: Are Our Messages Private?

WhatsApp has recently switched to using the Signal protocol for their messaging, which should provide greatly enhanced security and privacy over their earlier, non end-to-end encrypted propietary protocol. Of course, since WhatsApp is closed source, one has to trust WhatsApp to actually use this Signal protocol, since one cannot review the source code. What other (automated) methods are there to verify that WhatsApp actually employs this protocol? This research is about reverse engineering Android and/or iOS apps.; 		Alex Stavroulakis <Stavroulakis.Alex=>kpmg.nl>
Pavlos Lontorfos <Pavlos.Lontorfos=>os3.nl>
Tom Carpaij <tcarpaij=>os3.nl> 		R
P 		1
27

Probabilistic password recognition.

Password authentication is still a very popular way of authenticating users. When a law-enforcement agency seizes the hard drive of a suspect, they have a small window of time to gather evidence from it to extend pre-trial detention. Because of the large amount of data, automated tools can be useful to scan a drive for interesting files. Files containing passwords are especially interesting because they can provide access to extra data. This research focuses on the probability that a certain input string is a password. There has been a lot of research on the strength of passwords [1][2][3] but little to no research has been done on the probability that a string could be a password.
In theory, every string that holds to the requirements of the system enforcing the passwords, could be a password. Because of this, there is no way to know for sure whether a string is a password or not. Because of this, the purpose of this research is to get to a probability that a string is a password.
The main question for this research is:
  • How can software calculate the probability of an input string being a password?
The research question can be divided into multiple sub- questions:
  1. What characteristics differentiate a password from ’regular’ text?
  2. How can these characteristics be used to come to an algorithm that defines a probability of a string being a password?
 Zeno Geradts <Z.J.M.H.Geradts=>uva.nl>
Tiko Huizinga <tiko.huizinga=>os3.nl> 		R
P 		1
28

The development of a contained and user emulated malware assessment platform.

Using common tools such as Puppet, Docker or other mass-deployment solutions create a Windows and Linux blended solution that enables the automatic creation of a virtualized test lab for the evaluation of a potential malware across multiple Antivirus (A/V) products concurrently and securely. This does not involve analysis of the potential malware in a sandbox such as Cuckoo sandbox but the evaluation of an executable across multiple free and commercial A/V products.

Area of expertise: Red Teaming Operations 		Vincent van Mieghem <vvanmieghem=>deloitte.nl>
Henri Hambartsumyan <HHambartsumyan=>deloitte.nl>
Siebe Hodzelmans <siebe.hodzelmans=>os3.nl>
Frank Potter <Frank.Potter=>os3.nl> 		R
P 		1
29

Availability analysis of SURFwireless.

Since 2016 SURFnet offers Wi-Fi as a service. This includes the tender process, Wi-Fi measurements, planning the location of the access points, maintenance, monitoring, and the security of the Wi-Fi network. The goal of this research project is to investigate whether Wireless intrusion prevention systems can be used to protect the Wi-Fi network of SURF against well known attacks like rogue access points, mitigation, encryption cracking and what measures can SURF take against these kind of attacks.

Request questions:
  • Which common Wi-Fi attacks can be used to threaten SURFwireless?
  • How can SURFNET detect that the availability of the SURFwireless service is under threat and estimate its impact?
  • What measures can SURFnet take to improve the availability of SURFwireless?
 Frans Panken <frans.panken=>surfnet.nl>
Kasper van Brakel <Kasper.vanBrakel=>os3.nl>
 R
P 		2
31

Scaling AMS-IX Route Servers.

The route servers are a vital part of an IXP ecosystem, a central component that allows the exchange of prefixes between IXP peers without establishing hundreds of BGP sessions. In AMS-IX, with more than 700 established peers and 350.000 prefixes, the configuration of the Route Servers becomes harder and the current toolset has reached its scalability limitations. While these numbers grow significantly year by year, the demand for a new framework that can push configuration in a more scalable approach becomes more critical. The new framework should use modern tools like container technology and python templates with the Large Installation & Administration techniques in order to cover our engineering needs. At the same time, the solution should cover the customer requirements for fast re-configuration, integrity and accuracy. The background knowledge fields that are required for this project are the Networking track of OS3 and especially the BGP protocol, the system engineering and virtualisation technologies, which will be glued together with LIA techniques and Python scripting. We advice the assignment of 2 students as we require a small PoC in the given timeframe.
 Stavros Konstantaras <stavros.konstantaras=>ams-ix.net>
David Garay <David.Garay=>os3.nl> 		R
P 		2
38

IoT (D)DoS prevention and corporate responsibility: A model to prevent polluting the internet.

The Dyn DOS attacks shows a fundamental problem in internet connected devices. Huge swathes of unpatched and improperly configured devices with access to high bandwidth are misused to bring down inter; What technical prevention and detection methods can organizations employ to make sure that they are not a contributor to this problem? And what can they do once it does appear they are inadvertently contributing to this problem? This would focus on literary research combining research in DoS prevention, asset management, patch management and network monitoring. 		Alex Stavroulakis <Stavroulakis.Alex=>kpmg.nl>
Swann Scholtes <Swann.Scholtes=>os3.nl>
 R
P 		2
39

Using machine learning in network traffic analysis for penetration testing auditability.

The goal of this project is to train a model to recognize different types of traffic correlating to different actions a pentester executes. Examples of these actions are running different types of portscans, directory or password brute force attacks, creating a reverse TCP shell and more. By evaluating the accuracy of this model, we hope to gain insight in whether this approach would be useful for pentesting auditability. The research question we want to answer is as follows:
  • How reliable is using machine learning in network traffic classification for pentesting auditability?
Code: https://github.com/THuizinga/Pentest-network-traffic-classification 		Alex Stavroulakis <Stavroulakis.Alex=>kpmg.nl>
Tiko Huizinga <Tiko.Huizinga=>os3.nl> 		R
P 		2
41

Security evaluation of glucose monitoring applications for Android smartphones.

With the "recent" health trend of fitness apps and hardware such as fitbits, combined with the /need/ to share results with friends, family and the world through facebook, runkeeper, strava and other sites we have entered into an era of potential cyber unhealthiness. What potentially valuable information could be retrieved from the web or through bluetooth about people to influence health insurance rates of individuals? Note: this is a broad question, and it is up to the student to choose his/her own liking (e.g. focus on bluetooth security of fitbits/mi’s; identification of individuals through strava/runkeeper posts; quantifying the public sharing of health information; etc. etc.).
 Ruud Verbij <Verbij.Ruud=>kpmg.nl>
Roy Vermeulen <rvermeulen=>os3.nl>
Edgar Bohte <ebohte=>os3.nl> 		R
P 		1
44

(Re)-Pairing attacks on the Bluetooth Low Energy (BLE) Protocol.

Within the current market one can observe a growth in the use of Bluetooth Low Energy devices (Statista 2017). Given that  the  HCI  layer  of  the  Bluetooth  protocol  abstracts  the Bluetooth traffic from the operating system. One would not be able to analyze the Bluetooth traffic within a piconet using consumer grade Bluetooth chips because of this abstraction.

However, in 2011 Micheal Ossman presented the Ubertooth One a hardware platform intended for Bluetooth development and analysis. With the release of the Ubertooth One the abstraction introduced by the HCI layer has been removed and one can directly analyze the Bluetooth traffic during transit in the air. The Ubertooth One and similar hardware platforms create a new challenge because one has to know the sequence used  with  direct-sequence  spread  spectrum  (DSSS)  to  be able to follow the connection real time. In this research we will  attempt  to  listen  to  all  the  40  Bluetooth  Low  Energy Channels  at  once  by  making  use  of  an  Universal  Software Radio  Peripheral  (USRP)  and  try  to  inject  Bluetooth  Low Energy packets in an existing piconet using an USRP.
 Hidde-Jan Jongsma <hidde-jan.jongsma=>tno.nl>
Vincent Breider <vincent.breider=>os3.nl>
Marko Spithoff <marko.spithoff=>os3.nl>
 R
P 		2
55

Planning and Scaling a Named Data Network with Persistent Identifier Interoperability.

The objective is to use the NDN-as-a-service to prototype the SeaDataCloud use case.

The research structure in the project will be as follows:
  • Assume there will be different number of digital object providers
  • Assume we know the potential distribution of the users
  • How can we
    1. plan a NDN network, routers, etc.,
    2. deploy them on cloud,
    3. demonstrate their usage,
    4. benchmark the performance.
 Zhiming Zhao <z.zhao=>uva.nl>
Kees de Jong <kees.dejong=>os3.nl>
Anas Younis <anas.younis=>os3.nl> 		R
P 		2
57

A Deep Dive into the Dark Web.

Description:

Every now and then you encounter claims that the 'surface' web is about 4% of the internet and the deep web is about 96% of the internet. Many 'infographs' are made to illustrate this, and it is a popular believe, see:
<https://www.google.nl/search?q=surface+web+4%25+deep+web+96%26&source=lnms&tbm=isch&sa=X&ved=0ahUKEwjLp8e_nNTWAhVFU1AKHdmJDVoQ_AUICigB&biw=1689&bih=922 >.

However, these claims seem to originate from a white paper released in 2001 with the following claims <https://quod.lib.umich.edu/cgi/t/text/text-idx?c=jep;view=text;rgn=main;idno=3336451.0007.104>:
  • Public information on the deep Web is currently 400 to 550 times larger than the commonly defined World Wide Web.
  • The deep Web contains 7,500 terabytes of information compared to nineteen terabytes of information in the surface Web.
The goal of this research project is to determine how large the dark web currently is either in absolute size or compared to the 'surface' web. Other focus points can be regarding different definitions of 'surface', 'dark' and 'deep' web, and how the size, popularity and/or definition of the dark web has developed itself since 2001. 		Stijn van Winsen <vanWinsen.Stijn=>kpmg.nl>
Soufiane el Aissaoui <elAissaoui.Soufiane=>kpmg.nl>
Coen Schuijt <Coen.Schuijt=>os3.nl> 		R
P 		1
59

Client-side Attacks on the LastPass Browser Extension.

Tools exist for the extraction of credentials for certain popular password managers (such as KeePass 2.x, the Chrome password manager, etc.). During redteam projects where a cyber attack is simulated, we make use of tooling that can extract credentials from memory (e.g. KeeThief for KeePass 2.x).
;
However, similar tooling appears to be missing for older KeePass 1.x databases and other popular password managers including PasswordSafe, 1Password and LastPass. We are looking to investigate which protection mechanisms these password managers employ, and whether it is possible to extract credentials in the same way. Both solutions for offline usage and online usage are of interest (especially if a desktop client is available). 		Cedric Van Bockhaven <cvanbockhaven=>deloitte.nl>
Derk Barten <Derk.Barten=>os3.nl> 		R
P 		1
61

Bypassing Phishing Mail Filters (cont'd).

Email phishing is currently one of the most problematic threats in network security. By sending out emails that may be very similar to legitimate ones, attackers aim to harvest information by making users believe that they are communicating with a trusted entity. Although many techniques exist[3] to prevent phishing emails from reaching end users, studies[1] show that a lot of these techniques lack efficiency, are costly and too complex to be used in large environments or are simply not used. As Ammar Almomani et al. stated in their survey[1], the main technical approaches to counter email phishing are content analysis, network-level protection and authentication. The objective of this study is to examine which mechanisms are effectively used by spam filters against phishing attacks at a net- work and protocol level, and to determine how to bypass these mechanisms.

The main research question of this study is defined as follows:

;;; Which network and authentication aspects of phishing emails can be modified in order to bypass common spam filters?

In order to answer our main research question, we will have to answer a number of sub-questions:

;;; What network level protections and authentication mechanisms are com- monly used to prevent phishing attacks?
;;; Which of these protections can be found in spam filters?
;;; How efficient are these solutions?
;;; How efficient is reputation-based email filtering?

[1] Ammar Almomani et al. "A survey of phishing email filtering techniques". In: IEEE communications surveys & tutorials 15.4 (2013), pp. 2070-2090.

[3] Ian Fette, Norman Sadeh, and Anthony Tomasic. "Learning to detect phishing emails". In: Proceedings of the 16th international conference on World Wide Web. ACM. 2007, pp. 649-656.
 Alex Stavroulakis <Stavroulakis.Alex=>kpmg.nl>
Marat Nigmatullin <Nigmatullin.Marat=>kpmg.nl>
Adrien Raulot <Adrien.Raulot=>os3.nl> 		R
P 		2
62

Characterization of a Cortex-M4 microcontroller with backside optical fault injection.

Riscure produces fault injection tooling. This includes lasers that are used to alter the intended behaviour of chips. The goal of this project is to analyze the effectiveness of one of our newer lasers on embedded systems. During this project you will characterize the impact of this laser on the intended behaviour of the targeted chip.
 Niek Timmers <Timmers=>riscure.com>
Jasper Hupkens <jasper.hupkens=>os3.nl> Dominika Rusek <dominika.rusek=>os3.nl> 		R
P 		1
63

Invisible Internet Project - I2P.

Anonymity networks, such as Tor or I2P, were built to allow users to access network resources without revealing their identity [1,2]. This project will be aimed at theoretical research into existing attacks and how they hold up given I2P updates and current network size [3,4,5]. The fact that only little is known about the i2p network and due to its potential for future growth and public perception of it being the most secure solution compared to Tor and Freenet [6], results in our research questions:

  1. What are possible attacks against the I2P network?
  2. What is the feasibility of such attacks?

In this research, we will present a number of possible attacks against the i2p network. Specifically, the attacks that are able to deanonymize the i2p users and reveal their identities. We will be researching from the theoretical point of these attacks, and propose a mitigation mechanisms against them. Should time and ethical considerations allow, a proof of concept can supplement the research.

Ethical Consideration:

During our research, we will be looking on the i2p network and the way it works. In addition to that, we will be looking at the possible attacks from a theoretical point of view. To get a better understanding of the network, we may need to do some practical reconnaissance. However, this will be mostly passive in nature and no attack shall be attempted against the live I2P network. Therefore, we do not see ethical issues where any confidential or personal data might leak.

Some related work:

  1. https://www.cs.ucsb.edu/~chris/research/doc/raid13_i2p.pdf
  2. https://static.siccegge.de/pdfs/bachelor-thesis.pdf
  3. https://www.dailydot.com/debug/tor-freenet-i2p-anonymous-network/
  4. https://hal.inria.fr/file/index/docid/653136/filename/RR-7844.pdf
  5. https://geti2p.net/en/comparison/tor
  6. https://www.tandfonline.com/doi/full/10.1080/21642583.2017.1331770
  7. https://hal.inria.fr/hal-01238453/file/I2P-design-vs-performance-security.pdf

See also: http://www.dcssproject.net/i2p/

 Henri Hambartsumyan <HHambartsumyan=>deloitte.nl>
Vincent van Mieghem <vvanmieghem=>deloitte.nl>
Fons Mijnen <fmijnen=>deloitte.nl>
Vincent Breider <vincent.breider=>os3.nl>
Tim de Boer <tim.deboer=>os3.nl> 		R
P 		1
64

A Comparative Security Evaluation for IPv4 and IPv6 Addresses.

We currently move to ever-greater deployment rates of IPv6. However, comparative IPv4 and IPv6 security evaluations in the past have shown that the security state of multihomed systems is often worse via IPv6 than via IPv4. In this research project, you will build an Internet measurement setup that identifies IPv4/IPv6 multihomed systems and measures their security state for IPv4 and IPv6 correspondingly. The scientific contribution of your work will then be in the evaluation and analysis of the collected data, especially in the context of prior work.

Suggested reading: Czyz, J., Luckie, M.J., Allman, M. and Bailey, M., 2016, February. Don't Forget to Lock the Back Door! A Characterization of IPv6 Network Security Policy. In NDSS. 		Tobias Fiebig <T.Fiebig=>tudelft.nl>
Erik Lamers <erik.lamers=>os3.nl>
Vincent van der Eijk <Vincent.vanderEijk=>os3.nl> 		R
P 		1
66

Static Code Analysis on Networking Code: Identifying the possibilities of finding implementation flaws using Abstract Syntax Trees.

Static code analysis tools are nowadays mainly used to detect bugs and unoptimized code. With the vast majority of applications utilizing networking to either bringing in patches, or are intensively receiving small updates from servers (such as games). This part tends to be analyzed manually using internal debugging tools. The potential difficulty here is that the manual inspection can leave out opportunities to overflow either the client or server (or both) with unnecessary data, or by having unoptimized bundled messages that could lead to lots of unnecessary overhead. These issues could lead to major consequences in production, such as server downtime, severe latency or corruption of data if unattended.

This is a relatively new field, where static code analysis currently utilize machine learning in order to find bugs and unoptimized usage in code, rather than analyzing potential networking performance. In this research, the possibility of detecting networking performance flaws is investigated. The possibility of functionality in the static code causing a Denial of Service (DoS) or unnecessary overhead will be investigated, as well as the possibility to give suggestions on how to optimize it instead. The following main research question is defined as follows:
  • Is it possible to create a tool to analyze static code to detect potential network performance issues?.
Two sub questions were derived from this question:
  1. How can network performance issues be defined, so that it can be detected?
  2. How can you identify network performance issues in various scales of code bases in an efficient way?
 Wouter van Dongen <wouter.vandongen@dongit.nl>
Ivar Slotboom <ivar.slotboom@os3.nl>
 R
P 		1
74

Calculating metadata propagation time within eduGAIN.

Mesh identity federations and the eduGAIN Interfederation Service build their trust on the exchange of SAML metadata to limit the audience to known actors. Responding to security threats, key rollover or even updates to service configuration can be achieved with changes in metadata configuration of a service (SP) or identity provider (IdP). The time that it takes for a configuration to flow from the IdP/SP to their home federation, via inter federations services such as eduGAIN, and on to other IdPs/SPs is important to ensure consistent configuration throughout the environment. The research question is:
  • What is {best,worst,average} the propagation time of metadata throughout SAML identity federations?
Additional sub-questions that could be explored:
  • Can manual vs automatic metadata updates be detected by looking at metadata propagation times?
  • What levels of cohesion within federations, and what bilateral agreement can be exposed by looking at metadata exchange?
  • Can clashing versions of metadata be detected via external assessment of metadata exchange?
 Brook Schofield <brook.schofield=>geant.org>
Marcel den Reijer <Marcel.denReijer=>os3.nl> 		R
P 		2
76

Practical Implications of Graphene-SGX.

Intel SGX offers new instructions for Intel CPUs that allow you to have a "secure enclave" in which code can be run in a compartmentalized fashion (that should be secure even if the main OS compromised). This project could look into how SGX can be used to save e.g. documents safely so even the admin can’t access them, and what pitfalls could be of the system.
 Gijs Hollestelle <ghollestelle=>deloitte.nl>
Robin Klusman <robin.klusman=>os3.nl>
Derk Barten <derk.barten=>os3.nl> 		R
P 		2
79

Development of Techniques to Remove Kerberos Credentials from Windows Systems.

Industrial Control System research.

Windows saves all credentials entered into it since boot. Because ICS systems need a near 100% availability, a reboot of the machine is not possible to clear the memory of the credentials. Therefore, the main question that will be answered during this research project is:
  • How can Kerberos credentials be completely purged out of memory without rebooting the system?
To answer this question, we will investigate the following sub-questions:
  1. Where does the lsass.exe process write its Kerberos credentials in memory, or where does it read Kerberos credentials from?
  2. How does the ’klist purge’ command remove Kerberos credentials?
  3. How does Mimikatz read out Kerberos credentials from memory?
  4. How can the process of completely overwriting Kerberos credentials in memory be automated?
 Dima van de Wouw <dvandewouw=>deloitte.nl>
Nick Offerman <Nick.Offerman=>os3.nl>
Steffan Roobol <steffan.roobol=>os3.nl> 		R
P 		1

Presentations-rp2

Program (Printer friendly version: HTML, PDF): The event is on Thursday July 4, 2019.
Thursday July 4, 2019, Auditorium H0.008, FNWI, Sciencepark 904, Amsterdam.
Time #RP Title Name(s) LOC RP
10h00
Welcome, introduction. Cees de Laat

10h00 22
 Next generation Wi-Fi.
 Daan Weller, Raoul Dijksman LibertyGlobal 1
10h25 44
 (Re)-Pairing attacks on the Bluetooth Low Energy (BLE) Protocol.
 Vincent Breider, Marco Spithoff TNO 2
10h50
break


11h10 76
 Investigation of Graphene and Intel SGX.
 Robin Klusman, Derk Barten DeLoitte 2
11h35 79 Development of a tool to delete Kerberos tickets of prior logon sessions from Windows Systems.
 Nick Offerman, Steffan Roobol DeLoitte 1
12h00
Lunch


13h10 29 Analysis of potential threats that jeopardize the availability of SURFwireless. Kasper van Brakel SURFnet 2
13h30 74
 Calculating metadata propagation time within eduGAIN.
 Marcel den Reijer GEANT 2
13h50 66
 Static Code Analysis on Network Performance: Detecting unoptimized usage of networking code.
 Ivar Slotboom dongit 1
14h10
break


14h30 55 Enhanced distributed data access on a large scale with NDN and PIDs.
 Kees de Jong, Anas Younis UvA 2
14h55 30 Measuring end-to-end latency with P4 and INT.
 Siebe Hodzelmans UvA 2
15h15
break


15h35 31 Scaling the configuration of AMS-IX Route Servers.
 David Garay Ams-IX 2
15h55 39 Using machine learning in network traffic analysis for penetration testing auditability. Tiko Huizinga KPMG 2
16h15
End


Presentations-rp1

Program (Printer friendly version: HTML, PDF.
Monday feb 4th 2019, 15h05 - 17h00 in B.1.23 at Science Park 904 NL-1098XH Amsterdam
Time #RP Title Name(s) LOC
 RP
15h05
Welcome, introduction. Staff

15h10 72
 How To Reduce The Risk Of Email Data Breaches. Nick Offerman minvenj 1
15h30 59
 Credential extraction of in-memory password managers. Derk Barten deloitte 1
15h50
break


16h10 28
 The development of a contained and user emulated malware assessment platform Siebe Hodzelmans, Frank Potter deloitte 1
16h35 63
 Invisible Internet Project - I2P. Vincent Breider, Tim de Boer deloitte 1
1700
End



Tuesday feb 5th 2019, 10h00 - 17h00 in room B1.23 at Science Park 904 NL-1098XH Amsterdam.
Time #RP Title Name(s) LOC RP
10h00
Welcome, introduction. Cees de Laat

10h00 64 A Comparative Security Evaluation for IPv4 and IPv6 Addresses. Erik Lamers, Vincent van der Eijk tudelft 1
10h25
 62
 Characterization of a Cortex-M4 microcontroller with backside optical fault injection. Jasper Hupkens, Dominika Rusek riscure 1
10h50
bio/coffee break


11h10 27
 Password Classification. Tiko Huizinga NFI
 1
11h35 4
 ABlockchain's Relationship with Sovrin for Digital Self-Sovereign Identities. Daan Weller, Raoul Dijksman TNO
 1
12h00
Lunch


13h00 41
 Security of diabetes monitoring apps. Roy Vermeulen, Edgar Bohte kpmg 1
13h25 24
 Forensic investigation of Chinese smartwatches. Kasper van Brakel, Renee Witsenburg kpmg 1
13h50 57 A Deep Dive into the Dark Web. Coen Schuijt kpmg 1
14h10
bio/tea/coffee break


14h30 25
 WhatsApp End-to-End Encryption: Are Our Messages Private? Pavlos Lontorfos, Tom Carpaij kpmg 1
14h55 12
 Technical feasibility of Segment Routing Traffic Engineering to steer traffic through VNFs. Ronald van der Gaag, Mike Slotboom SURFnet
 1
15h20 20
 Network Peering Dashboard for SURFnet. David Garay SURFnet 1
15h40
End




Out of normal schedule presentations: Room B1.23at Science Park 904 NL-1098XH Amsterdam. Program:
Date Time Place #RP Title Name(s) LOC RP
2018-10-15
 13h00
 B1.23 1
 End-to-end automated email component testing.
 Isaac Klop, Kevin Csuka NLnet
 2
2018-11-13
 14h00
 B1.23 61
 Bypassing Phishing Protections.
 Adrien Raulot
 KPMG
 2
2019-02-26
 13h00
 B1.23 11
 Network Functions Virtualization and Security. Rik Janssen SURFnet 2
2019-06-07
 15h30
 B1.23 38
 IoT DOS prevention and corporate responsibility. Swann Scholtes KPMG 2