SNE Master Research Projects Web Page


Home Previous years


This page reports the list of student projects with the type (long or short), the contact person for each project ("@" is replaced by "=>"), the status (available or assigned) the warning level (low, medium or high; where high means that is strongly suggested to submit the project proposal head of time to not incur in delays). New projects will be added at the end. All other information related with the projects are available on the course pages on Canvas.

Number and Type Title and Abstract Supervisor Status Warning
1 - short
Security impact of DNS over TLS (DoT) and DNS over HTTPS (DoH)

DNS resolution is a critical and sensitive service. By default, DNS queries and responses are sent in plaintext. There are mainly two recently developed protocols, DNS over TLS (DoT) and DNS over HTTPS (DoH), which are of growing importance aiming to protect DNS privacy. Such encrypted protocols are cleary of benefit by protecting integrity and confidentiality of DNS traffic. However, they can effectively disrupt security controls and network monitoring solutions. The goal of this research is to analyse the security impact of DoT and DoH in order to securely implement encrypted DNS without compromising network security.
Silke Knossen <silke.knossen=>kpn.com> unavailable
low
2 - short
Topic: TR-369 research

TR-69 is a commonly used protocol for remote management of modems/routers/gateways, which has been around for 15 years. Until now, this is how most consumer modems are remotely managed at KPN. A new protocol has been developed by the Broadband Forum, which is called TR-369. It is intended to replace TR-69. It offers a new architecture where multiple "controllers" (providers, vendors, or end users) can interact with endpoint devices (modems/routers, wifi controllers, iot etc). It supports multiple transport protocols, including websockets/COAP/MQTT/etc. KPN REDteam recently did a time boxed test on a test setup for a new modem which is controlled through TR369 (in this case, over MQTT), and we found some security issues.

Goals:
* Review TR369/transport protocol "suite" with regards to security.
* Create tooling/pentesting a modem with TR369 backend infrastructure.

References:
https://www.avsystem.com/blog/TR-369/
https://www.broadband-forum.org/download/TR-369.pdf

Notes:
Project available only for a group of two students
Anand Groenewegen <anand.groenewegen=>kpn.com> and Stef van Dop <stef.vandop=>kpn.com>
Selected, but open for a second student in case. medium
3 - short
Privacy and Robustness in DP-based (Differential Private based) Federated Learning

Federated learning is a collaborative learning infrastructure in which the data owners do not need to share raw data with one another or rely on a single trusted entity. Instead, the data owners jointly train a Machine Learning model through executing the model locally on their own data and only share the model parameters with the aggregator. While the participants only share the updated parameters, still some private information about underlying data can
be revealed from the shared parameters. To address this issue, Differential Privacy has been used as effective tool to protect information leakage over shared parameters in Federated Learning, say DP-FED. However, it has not yet been investigated whether (and to what extent) the DP-FED is resistant against attacks.

This project aims to evaluate the resistance of DP-FED against different attacks and to explore the possibilities of reducing the success rate of these attacks. To conduct this research, at least three datasets, three different DP-FED techniques, and three different privacy threat models should be selected. Then, a comparison of DP-FED and FED (without DP) should be performed to evaluate how much embedding Differential Privacy in Federated Learning
algorithms makes them robuster.

The following papers are suggested to be studied for this work:
1. Mohammad Naseri, Jamie Hayes, and Emiliano De Cristofaro; Toward Robustness and Privacy in Federated Learning: Experimenting with Local and Central Differential Privacy, CoRR, 2020.
 
2. Lingjuan Lyu, Han Yu, Xingjun Ma, Lichao Sun, Jun Zhao, Qiang Yan, Philip S. Yu, Privacy and Robustness in Federated Learning: Attacks and Defenses, arXiv, 2022.

3. Ahmed El Ouadrhiri, Ahmad Abdelhadi, Differential Privacy for Deep and Federated Learning: A Survey, IEEE Access, 2022.

4. Malhar Jere, Tyler Farnan, and Farinaz Koushanfar; A Taxonomy of Attacks on Federated Learning, IEEE Security & Privacy, 2021.

5. Xiaoyu Cao, Jinyuan Jia, Neil Zhenqiang Gong, Data Poisoning Attacks to Local Differential Privacy Protocols, CoRR, 2019.

6. Minghong Fang, Xiaoyu Cao, Jinyuan Jia, Neil Zhenqiang Gong; Local Model Poisoning Attacks to Byzantine- Robust Federated Learning, the 29th Usenix Security Symposium, 2020.
Mina Sheikhalishahi <mina.sheikhalishahi=>ou.nl> available medium
4 - short
Private GAN for Machine Learning

Generative Adversarial Network (GAN) provide a promising direction in research studies where data availability is limited. One common issue in GANs is that due to the high model complexity of deep networks, they are vulnerable in revealing information about training samples. This issue has been addressed in several studies by designing Differentially Private GAN (DPGAN) models, in which DP is adopted in training GANs. While DPGANs serve as effective tools in this regard, still a comprehensive understanding of the utility of this new generated data, with the purpose of being used as the source data of Machine Learning algorithms, is missing. Also, it is not clear how much each DPGAN technique is resistant against privacy threats compared to other DPGAN methodologies.

In this project, we select several DPGAN techniques, several datasets (with different properties), several ML algorithms, and two/three privacy attacks. We first train DPGAN techniques on selected datasets. We next evaluate the utility of data by employing ML algorithms on generated data. We compare the utility of generated data based on ML model accuracy. Also, we analyze how the dataset properties and the ML technique properties affect the effectiveness of data. We then employ privacy attacks on DPGANs and compare the results with GANs to evaluate and compare the robustness of different DPGANs.

The following studies are recommended:

1. Liyue Fan, A Survey of Differentially Private Generative Adversarial Networks, 2021.

2. Liyang Xie, Kaixiang Lin, Shu Wang, Fei Wang, Jiayu Zhou, Differentially Private Generative Adversarial Network, 2018.

3. Chugui Xu, Ju Ren, Deyu Zhang, Yaoxue Zhang, Senior , Zhan Qin, Kui Ren, GANobfuscator: Mitigating Information Leakage Under GAN via Differential Privacy, IEEE Transaction on Information Forensics and Security, 2018.
Mina Sheikhalishahi <mina.sheikhalishahi=>ou.nl> available medium
5 - Long
Comparison of state-of-the-art endpoint defence solutions to (partially) open-source endpoint defence

Endpoint defence evolved a lot in the last decade and the old anti-malware / anti-virus software a small sub-section of the state-of-the-art endpoint defence solutions. Instead of anti-malware / anti-virus, we are now talking about Endpoint Defense and Repsonse (EDR), Data Loss Protection (DLP), File Integrity Monitoring (FIM) and other fancy words that suppliers have the creativity to come up with. The biggest suppliers on the market are busy expanding their software with new features. This project will allow the students to get access to some vendor trial licences (1 or more) and compare the functionality of the products with free and open-source product offerings. Depending on student ability the project can result in the development of new features into open-source products. A minimum expected deliverable of the project is a comparison report and proposed development path to improve the open-source or proprietary products.

This long project is divided in the following way:

*) Phase 1: building on the RP of Dennis from 2021, further develop an open criteria of assessing and quantifying the effectiveness of a modern EDR (qualitative theoretical study)
*) Phase 2: put this theory into practice by putting several state of the art tools to test, possibly in a specific context (Office IT or possibly SCADA) depending on availability of opportunities
Peter Prjevara <peter=>securitymindset.eu> unavailable low
6 - Short
Comparison of architectures supporting high integrity and secure data pipelines

Tennet TSO is a leading European grid operator committed providing secure and reliable supply of electricity 24 hours a day 365 days a year, while helping to drive the energy tranisition. As a first cross-border Transmission System Operator (TSO), we design, build maintain and operate 23,900 km of high-voltage electricity grid in the Netherlands and large parts of Germany and facilitate the European energy market, through 16 interconnectors to neighboring countries. As part of this effort some of our teams are committed to deliver a private cloud infrastructure that house the data pipelines we use to interface between our internal departments and with our external partners. In these data pipelines data integrity and security is of high importance, so we must use modern technologies and data architectures that support this data integrity and security. However we also have legacy requirements, which must integrate securely with the modern technologies. Modern technologies we use include k8s and Apahce Kafka and MinIO, while some of the legacy requirements we have is the need for SQL based querying methods, or file based data transfers (SCP / SFTP).We would like to offer a project to SNE students where they explore the possibilities of architecting data pipelines combining these technologies - or even newer / better ones. Some of the questions that can form a basis for research questions are as follows:

- How are these technologies can be best combined to offer maximum data integrity?
- How can the technologies be best used to create long term, highly integer data archiving?
- What are the limits of this integration (on the available hardware to the students)?
- What are the advantages / disadvantages of implementing the architecture as a service-mesh instead of traditional architectures?

As the students will require to build their own test environment, this project is suitable for 2 candidates. Tennet will facilitate engineering support where students will gain insight into what problems the engineers and architects find important during the design of such architectures, and how the Agile teams in Tennet work together to deliver similar systems and architectures.
Peter Prjevara <peter=>securitymindset.eu> available low
7 - Short
Parser differentials in micro services

Environments that use micro services often have a wide variety of programming languages and frameworks. Therefore, we suspect that parser differentials vulnerabilities are common in micro service architectures. For example how two libraries parse (malformed) JSON, HTTP requests etc. This could lead to interesting vulnerabilities that are hard to find. The goal of this project would be to find such parser differentials in commonly used libraries and see if this could lead to real vulnerabilities.
Daan Keuper <dkeuper=>computest.nl>
unavailable  medium
8 - Short
Race conditions in web applications

In local applications race conditions are well understood and we have tons of examples that were affected by this vulnerability class. However, in web applications research on this topic seems to be scarce. We’ve found some real life vulnerabilities abusing race conditions (for example, claiming a coupon code more than once), but we suspect that more of such cases could be found. The goal of this project is to find more examples of race conditions  in web applications in real life applications.
Daan Keuper <dkeuper=>computest.nl>
unavailable  medium
9 - Short
Purple teaming for telecom operators

During the last 5-10 years, a large number of organisations have adopted RED and BLUE teams. A new trend can be seen where these offensive and defensive teams work in harmony. Recent whitepapers affirm this trend[1] and outline the benefits[2]. As the largest telecom operator in The Netherlands, KPN is continuously strengthening the ties between its BLUE- and REDteam. By working together (purple teaming), we increase knowledge and effectiveness on both sides. This research is divided into a theoretical part, what does literature state regarding purple teaming best practices, and a case study by designing/building a purple team CTF combining the studied literature with a telco perspective.

Goals
* Literature study on purple team
* Design a purple team capture the flag

References:
[1] https://danielmiessler.com/study/red-blue-purple-teams/
[2] https://www.redscan.com/news/purple-teaming-can-strengthen-cyber-security/

Notes:
Project available only for a group of two students
Anand Groenewegen <anand.groenewegen=>kpn.com> and Stef van Dop <stef.vandop=>kpn.com> unavailable medium
10 - Long
XDP-based DNS hot cache

The eBPF and specifically XDP paradigms enable for processing of packets in the Linux kernel without touching the full network stack and user space.  While the flexibility of, and resources available to such XDP programs are limited, simple programs can reduce system load significantly. In DNS for example, if we can determine we can not or will not answer a DNS query at such a very early stage, we do not need to bother the software running in user space with it.

For this project, the goal is to design, develop and assess a BPF/XDP program that serves as a DNS Hot Cache, serving answers to often asked queries from kernel space.

# Part 1: design and development

In the first part of the project, the students familiarize themselves with the BPF/XDP paradigm and tool chain. At NLnet Labs, we have experience with using XDP for DNS, so we will be up to speed quickly. The final program will need to store DNS answers coming from user space, and re-use them to answer subsequent queries from kernel space directly. In preparation for part 2, we deploy the program at an actual nameserver/resolver, gathering measurements for assessment and the final report.

# Part 2: assessment of measurement results, reporting

At this stage, the developed XDP program has been running for several months, generating data such as log entries and measurements. Based on the collected insights, the students assess if and to what extent the program has affected the performance of the DNS service. (A possible outcome could be an advice on which parameters require fine-tuning for certain use-cases or networks.)

Luuk Hendriks <luuk=>nlnetlabs.nl> and Willem Toorop <willem=>nlnetlabs.nl>
available  low
11 - Short
What are the practical implementation limits of eBPF (programs)?

eBPF (which is no longer an acronym for anything) is a revolutionary technology with origins in the Linux kernel that can run sandboxed programs in a privileged context such as the operating system kernel. It is used to safely and efficiently extend the capabilities of the kernel without requiring to change kernel source code or load kernel modules." - https://ebpf.io/what-is-ebpf

eBPF sounds like the holy grail for developing 'user space'-like applications inside kernel space in a safe manner, but what can and can't you achieve as a developer of eBPF programs?

- What categories of applications can and cannot be implemented in eBPF?
- What are technical limitations that are preventing the developer of creating an application of such a category?
- What can be done to remove this limitation?
Serge van Namen <serge.van.namen=>sue.nl> and Chris Hendriks <chris=>sue.nl>
unavailable  low
12 - Short
What is the current security posture of eBPF and implied risk of using eBPF programs?

eBPF (which is no longer an acronym for anything) is a revolutionary technology with origins in the Linux kernel that can run sandboxed programs in a privileged context such as the operating system kernel. It is used to safely and efficiently extend the capabilities of the kernel without requiring to change kernel source code or load kernel modules." - https://ebpf.io/what-is-ebpf

- What is the current security posture?
- What are the current risks of running eBPF programs?
- What are the attack surfaces?
- What is the impact upon compromise?
- How can these programs be protected?
Serge van Namen <serge.van.namen=>sue.nl> and Chris Hendriks <chris=>sue.nl> Unavailable.
low
13 - Short
The security state of Kubernetes

Kubernetes is becoming more and more the 'universal controle plane' for (cloud) computing. Inherent to significant growth in a technology domain is the decision of not degrading security when migrating workloads to new technology.

- What is the current security posture of Kubernetes with regards to container runtime e.g. selinux, seccomp, etc in contrast to usability?
- What can be improved?
- How can this be improved?
- What is the impact of these improvements on the usability of Kubernetes?
Serge van Namen <serge.van.namen=>sue.nl> and Chris Hendriks <chris=>sue.nl> available  low
14 - Short
eBPF based Malware

eBPF (which is no longer an acronym for anything) is a revolutionary technology with origins in the Linux kernel that can run sandboxed programs in a privileged context such as the operating system kernel. It is used to safely and efficiently extend the capabilities of the kernel without requiring to change kernel source code or load kernel modules." - https://ebpf.io/what-is-ebpf

- What types of malware can be developed inside an eBPF program?
- How can eBPF based malware be detected?
- How can a system be hardened against eBPF based malware?
- What persistency capabilities does eBPF facilitate for malware?
Serge van Namen <serge.van.namen=>sue.nl> and Chris Hendriks <chris=>sue.nl> unavailable  medium
15 - Long
EPI - Enabling Personalized Interventions

We propose the EPI* Framework to enable secure data sharing within the healthcare context. The framework addresses multiple concerns across different levels; namely: policy level, data level, application level, and network level. Within this project proposal, we mainly focus on the last network level. To abide by security requirements at the low level of packets, we instantiate and provision Virtualised Network Functionalities (VNF) on the fly. Moreover, we containerise said VNF for higher efficiency and easier deployment. As a result, we bridge any existing security gap between the end nodes of the data-sharing session via containerised VNF or Bridging Functions (BF’s).

The framework utilises Kubernetes to orchestrate and schedule resources to run microservices across distributed clusters of proxy nodes. The goal of this project is to evaluate the framework setup via a specific threat model, and define the best practices/ mitigations in terms of security configurations. Moreover, we aim to investigate that by simulating a number of attacks to confirm the evaluation further experimentally.

Potential questions to investigate:
1- There are a number of available threat modelling methods like: STRIDE, LINDDUN, CVSS, etc. Threat models can be software centric, attacker centric, and asset centric depending on what level of security you are investigating. With the goal of evaluating the framework in mind, how to choose the appropriate methodology to use?
2-  Based on that, what threat model to use to create a system abstraction, identify security requirements, potential vulnerabilities, and mitigations while running network-based microservices with Kubernetes? Example: key management, worker node authentication, etc.

*EPI - Enabling Personalized Interventions: https://delaat.net/epi/index.html

BF chaining and proxy implementation: https://github.com/onnovalkering/socksx
Jamila Alsayed Kassem <j.alsayedkassem=>uva.nl> available  low
16 - Long
Side-channel analysis using on-line statistics

Side-channel analysis is the art of cracking cryptographic implementations by observing unintended signals such as the algorithm’s execution time or the power consumption of a device
[https://youtu.be/OlX-p4AGhWs]

Industrial-level side-channel analysis requires lengthy signal measurements over multiple days. Acquiring and processing such a large datasets is a very demanding computational task that must be carried out within specific time constraints.

In this project we will utilize efficient online statistical computations that can pinpoint the useful part of the signal in a very large dataset. To do so efficiently, we will “drill” for useful leakage information through reinforcement learning algorithms. Our final goal is to develop an efficient processing strategy that will maximize our ability to detect and perform side-channel attacks

Statistical formulas: [https://eprint.iacr.org/2015/207.pdf]

Matlab code for statistical formulas(also available in Python): [https://github.com/kostaspap88/statistics]


1st part: study and utilize online statistics
2nd part: adaptive “drilling” for leakage
Kostas Papagiannopoulos <k.papagiannopoulos=>uva.nl> available  low
17 - Short
Analysis of Hashicorp Vault Integrated storage (RAFT) back-end

Within (large) distributed environments storing, managing and provisioning your secrets securely can be difficult. There are several secret managers available in the wild that can help tackle life-cycle management of secrets in distributed environments. Vault is an opensource secrets manager created by Hashicorp. Since the 1.4 release of Vault the Integrated storage back-end that uses RAFT as a consensus algorithm for replicating data between Vault instances has been introduced. A secrets manager such as Vault becomes an interesting point of attack for malicious users. When using a tool such as Vault making sure that data stored in and exchanged via Vault is Secure is extremely important.

- How secure are secrets at REST when the Integrated Storage back-end is used?
- How secure is the exchange of secrets via the RAFT consensus algorithm?
- Are there any avenues of attack that can be exploited to retrieve information/secrets?
Maurice Mouw <Maurice.Mouw=>os3.nl> unavailable  Low
18 - Long
Formal verification of P4_16 for robust data plane programmability

The advent of programmable network switch ASICs and recent developments on other programmable devices (NPUs, FPGAs etc.,) drive the renewed interest in network data plane programmability. Data plane programmability refers to the capability of a network device to expose the low-level packet processing logic to the control plane through a standardized API, to be systematically, rapidly, and comprehensively reprogrammed. Domain specific programming languages such as P4 [1] have emerged, enabling to describe the entire packet processing in a protocol-independent way at a high abstraction level. P4 has gained strong community support, covering both industry and academia. Data plane programmability enables unprecedented network flexibility, but it may come at the cost of robustness. The shift from fixed function to programmable data planes increases the chance of introducing bugs due to incorrect protocol implementations. Such bugs can be easily transformed into vulnerabilities e.g., if exploited towards the violation of network security policies. There have been efforts to overcome this problem by checking if the network satisfies the intended properties use formal verification techniques (e.g., model checking or symbolic execution). For example, Kheradmand and Rosu [2] developed a complete operational semantics for P4 v14 in the K framework, enabling symbolic model checking and deductive verification. As another example, Liu et al. [3] developed a translational semantics from P4_14 to a Guarded Command Language for practical verification.

Within the course of this joint RP1-RP2 project the student will
1. Phase 1: Investigate the state of the art in the area, get familiarized with P4 DSL, analyze, and apply a chosen formal verification technique for P4_14, establish a suite of example programs and verified properties, and construct a migration plan from support P4_14 to P4_16.

2. Phase 2: Execute the migration plan and analyze the soundness, completeness and practicality of the resulting implementation.

Prerequisites:
-- Enrolled student in master’s program in computer science or related
-- General knowledge on computer networks
-- Affinity with programming language techniques such as compiler construction, formal verification and/or formal operational semantics
-- Some experience with declarative programming, e.g., logical programming (in Prolog) or functional programming (in Haskell)
-- Language skills: English

[1]. Bosshart P, Daly D, Gibb G, Izzard M, McKeown N, Rexford J, Schlesinger C, Talayco D, Vahdat A, Varghese G, Walker D. P4: Programming protocol-independent packet processors. ACM SIGCOMM Computer Communication Review. 2014 Jul 28;44(3):87-95.
[2] Kheradmand A, Rosu G. P4K: A formal semantics of P4 and applications. arXiv preprint arXiv:1804.01468. 2018 Apr 4.
[3] Liu J., Hallahan W., Schlesinger C., Sharif M., Lee J., Soulé R., Wang H., Caşcaval C., McKeown N., and Foster N., P4v: practical verification for programmable data planes. ACM SIGCOMM '18, pp. 490– 503. https://doi.org/10.1145/3230543.3230582
Chrysa Papagianni <c.papagianni=>uva.nl> and Thomas van Binsbergen <l.t.vanbinsbergen=>uva.nl> available  low
19 - Short Identifying Ghost resources in (multi-cloud/hybrid) distributed environments.

Many companies are adopting cloud or multi-cloud environments containing distributed components that leverage different Cloud services. Over time more resources are accumulated that are not properly cleaned up. In cloud environments this can introduce additional significant cost over time.

Additionally 'ghost' resources can pose a significant security risks if those resources are not patched.
- Are there strategies/frameworks to detect or prevent the creation of ghost resources.
- What or how is a proper baseline determined for identifying if something is a ghost resource/asset?
- Are there tools that can help identify ghost resources (in multi-cloud environments)?
- How can we automate the detection of ghost resources (in a multi-cloud environment)?


Notes:
The project can be extended to a long project if the students want extend the research with building a prototype for detecting ghost resources
Maurice Mouw <Maurice.Mouw=>os3.nl>
unavailable  medium
20 - Short
GPU malware

Antivirus is monitoring memory continuously for malicious activity. One possible way to circumvent this, is by utilizing the memory allocated to the GPU. Using the GPU to perform either computationally intensive operations or to hide malware when no actions are required or even executing the malicious code from the GPU. Students are required to have at least some experience with coding in C and OpenCL or CUDA. The latter two programming languages are used in General Purpose Graphics Processing Units programming. The goal of the research would be to expand further upon existing research, as there is some information available, although limited. [1][2] Research questions can be defined at a later stage, an example would be: “What are the limitations of running malware entirely on the GPU?”

[1]: https://www3.cs.stonybrook.edu/~mikepo/papers/gpumalware.malware10.pdf
[2]: https://github.com/nwork/jellyfish
Robert Diepeveen <robert.diepeveen=>northwave.nl> and Thomas Ouddeken <thomas.ouddeken=>northwave.nl>
unavailable  medium
21 - Long
Software-defined networking (SDN) and Blockchain in a decentralized environment

During the past years, SDN and Blockchain technologies have demonstrated a great potential to enhance each other [1]. SDN can improve the network availability and performance of the P2P network in the Blockchain, and the Blockchain can also improve the trustworthiness of the SDN controllers. In our recent work, Blockchain has been used in the scientific computing community to share large digital objects and in the trustworthiness of a decentralized service market. Improving the performance of the blockchain P2P network using SDN becomes an urgent topic when such Blockchain is deployed in a large, distributed infrastructure across data centers. In this project, we will investigate a) how SDN can improve the efficiency of decentralized digital object sharing in a Cloud virtual research environment [2], and/or b) how Blockchain improves the trustworthiness of SDN controllers from multiple providers in a service marketplace [3].

The student will first make a literature study on the relevant topic and deliver a technical solution to the VRE framework.

Reference:

[1] Majd Latah and Kubra Kalkan. 2022. When SDN and blockchain shake hands. Commun. ACM 65, 9 (September 2022), 68–78. https://doi.org/10.1145/3500920
[2] Zhao, Z., Koulouzis, S., Bianchi, R., Farshidi, S., Shi, Z., Xin, R., Wang, Y., Li, N., Shi, Y., Timmermans, J., Kissling, W.D.: Notebook-as-a-VRE (NaaVRE): From private notebooks to a collaborative cloud virtual research environment. Softw Pract Exp. spe.3098 (2022). https://doi.org/10.1002/spe.3098.
[3] Shi, Z., Ivankovic, V., Farshidi, S., Surbiryala, J., Zhou, H., Zhao, Z.: AWESOME: an auction and witness enhanced SLA model for decentralized cloud marketplaces. J Cloud Comp. 11, 27 (2022). https://doi.org/10.1186/s13677-022-00292-8

Notes:
Project for one or two students
Zhiming Zhao <z.zhao=>uva.nl> available  low
22 - Long
Assess the robustness of a P2P network using graph-based models


In peer-to-peer network (P2P) overlays, there are many problems that a malfunctioning peer can cause that can affect the performance, reliability, and availability of the entire network. While a P2P is generally meant to be set up with participants of equal importance, this is often not the case. More often than not there is an unequal distribution of responsibilities within a P2P network, for instance often a situation that a small percentage of peers answer the majority of queries occurs [1]. Furthermore, certain peers can also be favoured more over others in terms of routing, making some peers more important for the routing of the packages. This is for instance the case when a peer is the fastest gateway between two networks. When a peer in a P2P network malfunctions, it can have a massive impact on the total operability of the network, especially if the peer falls into the category described above. Clear problems that arise are the possibility of long reconfiguration times or partitions when these peers fall away. What is more, the rest of the network might suddenly need to distribute a large quantity of work. Besides, if one of these nodes becomes a bad actor, then it can inject malicious code into a lot of data.

In a perfect world, a P2P network would be perfectly flat, so where every peer has the approximately same responsibilities and importance, yet, that is already not always possible. In blockchain applications, the robustness of the underlying P2P network is crucial for synchronizing ledgers across nodes. If the network got partitioned, or more nodes became malicious (namely Byzantine nodes), nodes may take much longer than expected to achieve consensus on the states of ledgers. It is thus important to identify the potential risks of the P2P network and assess its robustness. So, it is important to be able to locate those peers that are of importance to the reliability, performance, and availability of the net work as a whole. With this information, we can then configure the network to have back-up routes or peers to not allow too much dependence on a small set of peers. It also offers insight into where new peers should be added when they want to join the network.

Currently, there is a lot of research on P2P networks, but not much on peer-based metrics. In this research project, we tackle the problem of creating a metric to be able to assess the ‘importance’ of a peer in a structured P2P network, where we have complete information on the topology of the underlying IP network and the P2P overlay network, the expected traffic over the network and the link capacities. This will be restricted to the most commonly used types of structured P2P networks, but we aim to lay the basis for generalising the metric to assess peer importance in any other given topology. As one of the main difficulties in detecting risks in P2P networks is that they are decentralised, it can also be interesting to look into how
accurate the metric is the information of just one peer or a group of peers working together.

References
[1] Dennis Trautwein et al. “Design and evaluation of IPFS: a storage layer for the decentralized web”. In: Proceedings of the ACM SIGCOMM 2022 Conference. 2022, pp. 739–752.
Zhiming Zhao <z.zhao=>uva.nl> unavailable  low
23 - Short
Unlocked popular password managers

Nowadays the use of password managers is ubiquitous and often encouraged by security providers. Password managers store the passwords (and other secrets such as MFA seeds or credit card information) of users in a secure, but reversible way. We know that an unlocked KeePass database [1] poses a threat for the user because it allows the key material to be extracted from memory. This raises the same question for other popular password managers (for instance LastPass, 1Password or Bitwarden) as well. How do they manage secrets in memory? Is it possible to extract the key material from memory for an unlocked database? What about browser extensions?

The student should be familiar with a bit of reverse engineering (language depends on the chosen password manager) as well as programming. The main goal of this research is to uncover what risks there are in leaving password managers unlocked, a cool extra effort would be a tool that extracts the right material from (browser) memory.

[1]: https://github.com/GhostPack/KeeThief
Robert Diepeveen <robert.diepeveen=>northwave.nl> and Bart Roos <bart.roos=>northwave.nl> unavailable  medium
24 - Short
Malware leveraging the TEE

Modern devices often include a Trusted Execution Environment (TEE) for handling security sensitive tasks and storing security sensitive assets. Malware, already in control of the Rich Execution Environment (REE), for example Linux, may also compromise the TEE.

You will be studying the current research on Malware leveraging the TEE of a device. The output of this project will be a Proof-of-Concept (PoC) on a real device with a Qualcomm TEE with known vulnerabilities (https://raelize.com/blog/qualcomm-ipq40xx-achieving-qsee-code-execution/). We will provide all the required tooling and targets for this project. You will conduct this project remotely from your own premises (e.g. SNE lab).
Niek Timmers <niek=>raelize.com> unavailable  medium
25 - Short
Reproduce ESP32 glitch attacks using affordable tooling

We demonstrated multiple attacks on Espressif's ESP32 chip with lab-grade Fault Injection tooling (https://raelize.com/blog/espressif-esp32-bypassing-encrypted-secure-boot-cve-2020-13629/).

You will be asked to perform a feasibility study to determine if it's possible to reproduce these attacks using affordable Fault Injection tooling. We will provide all the required tooling and targets for this project. You will conduct this project remotely from your own premises (e.g. SNE lab).
Niek Timmers <niek=>raelize.com> available  low
26 - Short
Improve library identification

Binary firmware typically include many libraries. Determining the version of these libraries is not always trivial.

You will be studying the state-of-art of library identification tooling (e.g. https://github.com/Riscure/Library-Identification) in order to improve it. The output of this project should be a standalone tool or disassembler plugin for e.g. Ghidra (https://ghidra-sre.org/). You will conduct this project remotely from your own premises (e.g. SNE lab).
Niek Timmers <niek=>raelize.com> unavailable  low
27 - Short
Threat Modeling OpenBMC

Modern servers are often equipped with a Baseboard Management Controller (BMC) that is used for remote monitoring and management of the host system. An interesting development is the availability of OpenBMC, an open source initiative to create an open source BMC firmware.

You will be studying the functionality of OpenBMC in order to define its attack surface. You will be using the QEMU reference platform and/or an actual device running the OpenBMC firmware. You will conduct this project remotely from your own premises (e.g. SNE lab).
Niek Timmers <niek=>raelize.com> available  medium
28 - Short
Would a flow based IDS using a neural network in kernel space improve performances over typical IDS?

Simplified versions of flow based IDS have been implemented in kernel space using eBPF and decision trees. This has shown a 20% improvement over similar tasks achieved in user space. However, this is achieved for a simplified IDS algorithms. As the complexity of the algorithm increases, using the specific data types of eBPF creates more overhead and complexity.

Goal:
- Will the performance advantage persist when using more complex algorithms and for example deep Neural Networks in the case of a kernel-based IDS ?

https://arxiv.org/pdf/2102.09980.pdf
Nathan Keyaerts <nathan.keyaerts=>sue.nl> and Serge van Namen <serge.van.namen=>sue.nl>
available  low
29 - Short
eBPF forensic tools

eBPF is a relatively recent technology that opens a new avenue of attacks and misusages of services. To counteract this, forensic tools are being developed to detect attacks and perform forensic investigations afterwards using Volatility.

Goal:
- Are these tools exhaustive, or are there still attacks that these tools cannot detect ? 
- Is it then possible to detect these attack ?

https://i.blackhat.com/USA21/Wednesday-Handouts/us-21-Fixing-A-Memory-Forensics-Blind-Spot-Linux-Kernel-Tracing-wp.pdf
Nathan Keyaerts <nathan.keyaerts=>sue.nl> and Serge van Namen <serge.van.namen=>sue.nl> unavailable  low
30 - Short
Quantum secure connection to your institution

eduVPN is open source VPN software that is offered by SURF as a service to organizations. Organizations using eduVPN mainly consist of universities and research institutions[1]. Using eduVPN, students and employees can access the organization's network without having to be physically present at the organization. eduVPN also offers a secure VPN connection which can be used to access the internet. Using this VPN connection will prevent people that are listening in on the network from seeing which websites one visits.

The cryptography used by eduVPN is not quantum resistant. When a quantum computer is built that is powerful enough to run Shor's algorithm, VPN traffic could be decrypted and the privacy of users violated.

The goal of the project is to research how to prevent VPN traffic that is stored now from being decrypted later when a quantum computer becomes available, and to build a Proof of Concept demonstrating a quantum-resistant eduVPN. We assume that there is currently no quantum computer that can break classical cryptography. Thus, an active Man in The Middle attack with a quantum computer is out of scope.

The proof of concept will focus on the connection between a user using the Android eduVPN application and the server while using WireGuard.

Because of limited time for the project, some tasks are out of scope:

* eduVPN clients exist for Android, iOS, Windows, macOS and Linux. We will only consider the Android client and leave the other clients out of scope.
* eduVPN support two VPN technologies: OpenVPN and WireGuard. For now, we will only consider WireGuard because OpenVPN support is planned to be removed in the future.
* eduVPN supports high availability deployments. These deployments use multiple servers that connect with each other. The communication between these servers are left out of scope. We will only consider a setup with one server.
* No new post-quantum cryptography will be designed and implemented. Existing post-quantum cryptography will be considered and used.

In case there is time left, the scope can be extended with one of the points above. For example, we could also look at OpenVPN or make sure the VPN connection is protected against an active MITM with a quantum computer.

At the end of the project, the following products will be delivered:

* The code of the modified server and modified Android app that can setup a VPN connection using WireGuard that protects against decryption by quantum computers.
* An explanation of the design and the design decisions.

[1]: See [status.eduvpn.org] (https://status.eduvpn.org/) for a list of organizations using eduVPN.
Rogier Spoor
<rogier.spoor=>surf.nl>
unavailable  low
31 - short
Placement of 'Security.txt' (RFC 9116) on network devices, by Digital Trust Centre (DTC)

The DTC has recently held a campagne to promote the usage of the new 'Security.txt' standard among its audience (small- and mid-sized enterprises (SMEs)) with great success. As a follow-up research the DTC would like to investigate the possibilities of placing 'Security.txt' on (minimal) internet-facing network devices, such as firewalls.

Questions that emerge during this research are:
- Is it possible to implement this on the devices of the three main brands used by SME companies; for this an analysis of the devices used by the SMEs need to be made that gives insight in which brands are most frequently used by these SMEs. These top three items will be the scope for this research
- (if not,) what are the limiting technical factors?
- (if not,) what technical changes should be made to enable the placement of 'Security.txt' on these devices?
- How can the DTC (government) use its position to force this change among these devices, using both their ability to create new (government) policy, and their communications towards the SMEs, to have these companies also actively demand this from the vendors.
Liesbeth Kruizinga <u.kruizinga2=>minezk.nl> and Erwin Hasenpflug unavailable
low
32 - short


Security of IaC

The adoption of IaC can help significantly reduce the administrative overhead for IT departments. Managing multiple environments in a multi-cloud setup, however, introduces complexity. Without properly securing and/or pipelining the creation of resources within your cloud environments, it is likely that changes will be made outside of the scope of the defined code. This can lead to (significant) security risks, additional costs, and depending on the tooling used breakage of existing IaC code or applications.

- How can we (effectively) detect configuration drift?

- What methods, tools, and/or frameworks are there for detecting and managing configuration drift?

- What are the caveats for drift detection?

- Can I detect drift outside of the stored state?

- Consider destroying vs detecting and remediating.
  - Note this is limited, e.g. if an object is changed that has dependencies to other objects this is not possible
  - e.g. think of a VPC that has subnets that contain VMs that cannot be destroyed.

Maurice Mouw <Maurice.Mouw=>os3.nl> unavailable
low
33 - short
Deanonymization of the Tox peer-to-peer communication protocol

During almost all ransomware incidents, the attackers wish to communicate with the victims, for example to negotiate prices. Often this communication happens trough a web portal in the Tor network, but sometimes attackers want to communicate through the Tox protocol [1]. Tox is a peer-to-peer (P2P), end-to-end encrypted chat protocol that tries to preserve the privacy of its users. Although the TokTok project states that its goals are to try to preserve privacy of its users, it also states the non-goal to preserve anonymity. Which is logical, considering it is a peer-to-peer protocol it should be possible to determine the IP address (and potentially other characteristics) of the partner engaged in communication. Tox is per design when connected to a peer not anonymous [2]. Connecting to a peer is done through a Distributed Hash Table (DHT), the table is distributed over a decentralized network of hosts named bootstrap nodes. The use of a DHT provides the Tox users the ability to find each other and connect in a more
private way.

Privacy and anonymity have different meanings and objectives as described above, within this study we clarify these as terms follows: Privacy is a state in which two peers are communicating and the communication is confidential, confidential being a state where the communication is kept secret and private. Privacy is provided by the Tox protocol [2]. In the context of this study we define the term anonymity in the context of two peers that have a friend relationship (found each other in the DHT) and can engage in communication over the Tox protocol. Even though the peers are connected, anonymity in Tox is present given in the sense that the peers do not know who is on the other side of the connection apart from the information required to establish the session (the Tox ID).

The goal of this study is to attempt to deanonymize the remote partner in a two-party communication using the Tox protocol. The scope of this study includes researching the associated privacy and anonymity components in Tox and an attempt to deanonymize Tox peer-to-peer participants in the identified scenarios of use. If the study indicates any feasible strategy to deanonymize Tox peer-to-peer participants the functional and technical requirements as well as the effectiveness will be considered in order to view a strategy as practically usable.

References:

 [1] https://tox.chat/about.html
 [2] https://toktok.ltd/spec#goals


Robert Diepeveen <robert.diepeveen=>northwave.nl>
unavailable
high
34 - short
Detection and propagation of invalid BGP routes in an environment where Route origin validation (ROV) is (partially) used.

ROV is a mechanism that detects when an AS starts to announces a prefix that it does not own itself. Neighboring BGP speakers can choose to not accept this prefix. Not all BGP speakers on the internet have ROV configured and/or enabled to drop invalid prefixes. Some BGP speakers only have ROV enabled to detect invalid routes, but choose to not drop invalid routes to ensure their networks keep working.

Because of the nature of the internet, it can happen that traffic that traverses through a BGP speaker that has ROV enabled and drops invalid routes still ends up at an invalid destination because somewhere along the path to the destination, a router chose to install an invalid route. This research aims to discover a way on how such routers can be discovered.

Goals of this research are:
- Detection of routers that installed invalid routes
- Understanding how these invalid routes propagate throughout the internet
- Measuring the influence of the placement of non-ROV enabled routers on a path
Willem Toorop <willem=>nlnetlabs.nl> and Koen van Hove <koen=>nlnetlabs.nl>



unavailable
low
35 - short
Investigation of FlexAlgo for User-driven Path Control

Flexible Algorithm (FlexAlgo) is an IGP extension that allows to create logical views or slices inside a single IGP domain. FlexAlgo describes a set of constraints on the topology that are to be used to compute the best paths.

We are interested in investigating capabilities and limitations of FlexAlgo and answer the following research questions:

- How can FlexAlgo be implemented in a single SRv6 domain?

- In particular, how can we assess the potential to create low delay paths and steer traffic via low utilization parts of the network?

These features are very important in order to achieve User-driven path control.


References:
1. https://www.ietf.org/archive/id/draft-ietf-lsr-flex-algo-26.txt
2. Hesselman, Cristian, et al. "A responsible internet to increase trust in the digital world." Journal of Network and Systems Management 28.4 (2020): 882-922.
Leonardo Boldrini <l.boldrini=>uva.nl> and Paola Grosso <P.Grosso=>uva.nl>
unavailable
low
36 - short
Development of a control framework to guaranty the security of a collaborative open-source project.

We're now living in an information society, and everyone is expecting to be able to find everything on the Web. IT developers make no exception and spend a large part of their working hours searching for and reusing part of codes found on Public Repositories (e.g. GitHub, Gitlab ) or web forums (e.g. StackOverflow).

The use of open-source software has long been seen as a secure alternative as the code is available for review to everyone, and as a result, bugs and vulnerability should more easily be found and fixed. Multiple incidents related to the use of Open-source software (NPM, Gentoo, Homebrew) have shown that the greater security of open-source components turned out to be theoretical.

This research aims to highlight the root causes of major recent incidents related to open-source collaborative projects, as well as to propose a global open-source security framework that could address those issues.

References:

https://searchsecurity.techtarget.com/news/252453398/Compromised-NPM-package-highlights-open-source-trouble
https://nakedsecurity.sophos.com/2018/06/29/linux-distro-hacked-on-github-all-code-considered-compromised/
https://portswigger.net/daily-swig/homebrew-bug-allowed-researcher-full-access-to-github-repos

Huub van Wieren <vanWieren.Huub=>kpmg.nl>
unavailable
low
37 - short
TCP-Prague evaluation

Low Latency Low Loss Scalable Throughput (L4S) [1] is a technology intended to reduce queue delay problems, ensuring low latency to Internet Protocol flows with a high throughput performance. The Linux TCP-Prague [2] is the reference implementation for the upcoming L4S Internet service. Other congestion controls that support L4S, such as Nokia’s RT-Prague, Google’s BBRv2, Ericsson’s SCReAM or Apple’s Prague implementation for QUIC and TCP are already available or will be released soon. The task of this project is to compare the performance of TCP-Prague against (some of) these congestion control implementations on at least one of the following criteria: (i) for steady state: fairness, RTT (in)dependence and convergence speed, and for dynamic behavior: fairness, responsiveness, and stability. Further fine-tuning of selected implementation will be performed to line-up the behavior of the congestion controls.

[1] B. Briscoe et al. Low Latency, Low Loss, Scalable Throughput (L4S) Internet Service: Architecture. Internet-Draft draft-ietf-tsvwg-l4s-arch-09. Work in Progress. Internet Engineering Task Force, March 2022.
Chrysa Papagianni <c.papagianni=>uva.nl> unavailable
low
38 - short
Implementing Post-Quantum Cryptography in an open-source Certificate Authority

In this project, we will implement Post-Quantum Cryptography (PQC) in an open-source Certificate Authority (CA). The National Institute of Standards and Technology (NIST) in the United States has selected three final algorithms for the next generation of public-key encryption and digital signatures. Source code for these algorithms is readily available and implementing this in a certificate authority allows users to experiment with these algorithms in real-world applications.
Apostolos Fournaris <fournaris=>isi.gr> and Francesco Regazzoni <f.regazzoni=>uva.nl>
unavailable
low