Completed Projects
Diploma Projects
Winter semester 2010
Anonymous access control with attribute based encryption
- Supervisor: Prof. Serge Vaudenay
- Status: complete (Robert R. Enderlein)
- Type: Diploma
- Description: The goal of this thesis is to study anonymous access control and figure out how one could build such a protocol based on attribute-based encryption techniques.
- Abstract
Cloud Storage Integrity
- Supervisor: Prof. Serge Vaudenay
- Status: complete (Sabrina Perez)
- Type: Diploma
- Description: The goal of this project is to design and implement a software prototype for cryptographic integrity checking with a cloud storage system. A layer with integrity-protection functions has to be specified, developed and tested.
- Abstract
Cryptanalysis of SHA-3 candidates
- Supervisor: Prof. Serge Vaudenay
- Status: complete (Alexandre Duc)
- Type: Diploma
- Description: The current NIST SHA-3 hash function competition aims to develop a strong hash function standard. The goal of the project is to study the security of a SHA-3 candidate, and to develop new hash function security analysis techniques.
- Abstract
Winter semester 2009
Analysis and implementation of the security in VoIP solutions
- Supervisor: Prof. Serge Vaudenay
- Status: complete (Jonathan Hirsch)
- Type: Diploma
- Description: The goal of this project is to present the state of the art in Voice over IP technologies and the existing means to secure them; to study a solution for secure VoIP communications between members discussing highly confidential matters; and to implement it.
- Abstract
Vulnerabilities of the GSM stream cipher protocol
- Supervisor: Prof. Serge Vaudenay
- Status: complete (Sylvain Luiset)
- Type: Diploma
- Description: In mobile telephony, ciphering is highly important to protect user data and signalling data from interception. The GSM system uses symmetric cryptography. The encryption algorithm used is known as the A5 algorithm. The ciphering algorithm works by generating a stream of binary data (cipher block), which is XORed with the user data to produce the ciphertext that is transmitted over the air. The data is decrypted by XORing the received data with the cipher block. Multiple versions of the A5 algorithm exist, which implement various levels of encryption. A5/0 uses no encryption. A5/1 is the original A5 algorithm used in Europe. A5/2 is a weaker encryption algorithm created for export and used in the United States. A5/3 is a strong encryption algorithm created as part of the 3rd Generation Partnership Project (3GPP). Some of these algorithms have been cracked, or at least have been announced as cracked. The goal of this diploma would be to:
- Analyze these algorithms and identify their weaknesses, vulnerabilities and cracking methods (exploits)
- Demonstrate an attack against A5/1 or A5/2
- Assess the risk for a Telco such as Swisscom
- Find an alternative to A5/3 (which is a very expensive solution) and if possible implement it in a demo
- Abstract
Winter semester 2008
Attacks on RSA with pre-formatting rules
- Supervisor: Prof. Serge Vaudenay
- Status: complete (Alexandre Rodriguez)
- Type: Diploma
- Description: The goal is to study existing attacks on RSA with pre-formatting rules and to study how they could apply to PKCS#1 v1.5.
- Abstract
Conception and development of a web server audit tool
- Supervisor: Dr. Philippe Oechslin
- Status: complete (Sergio Domingues)
- Type: Diploma
- Description:
- Abstract
Public Key Infrastructure in a DVB-CPCM Environment
- Supervisor: Prof. Serge Vaudenay
- Status: complete (Hoang Minh Nguyen)
- Type: Diploma
- Description: A CPCM-compliant (Content Protection & Copy Management) Instance has credentials in the form of a certificate chain that provides a public key and other attributes. Trust establishment between different CPCM Instances shall be based on certificate chain exchange and verification. The goal of this project is to understand, write proprietary specifications for, and implement a Public Key Infrastructure that follows the CPCM standard.
- Abstract
Secure Bluetooth Payment Application
- Supervisor: Prof. Serge Vaudenay
- Status: complete (Giovanni Rivera Diaz)
- Type: Diploma
- Description: The goal of the project is to implement a wireless application for resource-constrained devices to enable secure and reliable payment transactions using Bluetooth.
- Abstract
Summer semester 2007
Efficient Protocols for Set Membership and Range Proofs
- Supervisor: Prof. Serge Vaudenay
- Status: complete (Rafik Chaabouni)
- Type: Diploma
- Description: The goal of this project is to investigate and implement different cryptographic protocols for proving that a secret lies in some interval, e.g., that the (secret) discrete log of some element y to a base g lies in [a, b] for some integers a and b. General results in zero-knowledge show that such a proof is possible. The goal, however, is to find an efficient method to make this proof.
- Abstract
Strong Privacy in RFID needs public-key cryptography
- Supervisor: Prof. Serge Vaudenay
- Status: complete (Paise Radu)
- Type: Diploma
- Description: -
- Abstract
Winter semester 2007
Fail-stop signatures
- Supervisor: Prof. Serge Vaudenay
- Status: complete (Khaled Ouafi)
- Type: Diploma
- Description: In this project, we survey the notion of fail-stop signature scheme. Implementations and development may be required.
- Abstract
Summer semester 2006
Applications of MOVA signatures
- Supervisor: Prof. Serge Vaudenay
- Status: complete (Florin Oswald)
- Type: Diploma
- Description: This project consists of implementing applications of Monnerat-Vaudenay digital signatures (MOVA). We consider access control systems, credit card payment systems, lotteries, train tickets, etc. This can be split into several projects instead of just one.
- Abstract
Carrying out financial Transactions over cellular network
- Supervisor: Prof. Serge Vaudenay
- Status: complete (Johann Terrier)
- Type: Diploma
- Description: The use of credit cards is growing fast. Unexpectedly, only a small portion of the systems use secure communications. By eavesdropping on a transaction, it is possible to make payments without owning the credit card. In India, the number of mobile phones is much greater than the number of credit cards. This project consists of analysing, designing, and implementing a payment solution using only a mobile phone. One important aspect is that it does not modify the central bank architecture.
- Abstract
Security and Privacy in RFID
- Supervisor: Prof. Serge Vaudenay
- Status: complete (Salvatore Bocchetti)
- Type: Diploma
- Description: Radio Frequency Identification (RFID) systems aim to identify objects in open environments with neither physical nor visual contact. They consist of transponders inserted into objects, of readers, and usually of a database which contains information about the objects. Unfortunately, RFID does not only bring advantages, but also security and privacy issues. The goal of this project is to address these issues.
- Abstract
Trapdoor stream cipher
- Supervisor: Prof. Serge Vaudenay
- Status: complete (Jean-Philippe Aumasson)
- Type: Diploma
- Description: We implement a new cryptographic algorithm based on stream ciphers, and study its performance and security.
- Abstract
Summer semester 2005
Advanced applications of time-memory trade-offs
- Supervisor: Dr. Philippe Oechslin
- Status: complete (Hamdi Nihed)
- Type: Diploma
- Description: The goal of this project is to study new applications and optimisations of the time-memory trade-off methods developed at LASEC.
First, the student will become familiar with the following encryption and authentication methods:
- Encryption of MS-Office documents
- IPSec pre-shared-key authentication in main and aggressive mode
- Kerberos authentication (client and server authentication)
For each method, the student will describe exactly how it works and study whether certain elements would be vulnerable to a time-memory trade-off.
A vulnerable method will then be selected and a complete time-memory trade-off attack put in place.
Finally, optimisations or alternatives will be studied and implemented, then compared with the first method put in place.
- Abstract
Secure Communications over Insecure Channels Based on Short Authenticated Strings
- Supervisor: Prof. Serge Vaudenay
- Status: complete (Sylvain Pasini, SSC)
- Type: Diploma
- Description: The goal of the project is to implement, extend, and improve a message authentication protocol which can be used to secure peer-to-peer communication. One possible target platform could be the SSH or TLS protocol, or a Bluetooth pairing-like protocol. From a theoretical perspective, provably secure commitment schemes will be studied and implemented. A challenge is to implement the Common Reference String (CRS) model in a convincing way and finally to propose a scheme based on the standard model.
- Abstract
Winter semester 2005
E-Voting System
- Supervisor: Prof. Serge Vaudenay
- Status: complete (Nicolas Bonvin, IN, In collaboration with ProLibre Sarl)
- Type: Diploma
- Description: The aim of this project is to implement an e-voting system that will be used in real and hostile conditions. It will be necessary to carry out a substantial survey of the existing e-voting systems, showing their weaknesses and strengths. Considerable thought must be given to the cryptographic protocols. Due to the particular conditions of this e-voting system, it will be necessary to tackle other problems such as physical and remote security of the servers, network problems, global consistency, secure verification of the results by everyone, ... The source code will be public at the end of the project.
- Abstract
Security in wireless sensor networks
- Supervisor: Prof. Serge Vaudenay
- Status: complete (Xavier Perseguers, IN, In collaboration with CSEM)
- Type: Diploma
- Description: This project begins with a state-of-the-art survey of security as applied to wireless sensor networks. We take a systematic approach to the different aspects of security, the assets to protect, the threats, vulnerabilities and risks, before applying it to different network models.
- Abstract
Network-Based Anomaly detection
- Supervisor: Dr. Philippe Oechslin
- Status: complete (David Mayor, SSC, In collaboration with Adventis)
- Type: Diploma
- Description: Anomaly detection is based on the principle of deviation of certain network parameters from baseline values. This principle is used for security systems such as network- and host-based intrusion detection systems. The problem with the existing solutions is that they have a limited view of a global infrastructure. They see only the traffic flowing through the segment to which they are attached.
New approaches try to remove this limitation. Performance monitoring systems have a global view of a network infrastructure and, if correctly used, can serve as anomaly detection environments. However, the information they provide does not allow for immediate countermeasures.
The project objective is to use a technology called Netflow from Cisco to allow for:
- Anomaly detection
- Attacked service detection
- Countermeasure deployment
Netflow technology provides very detailed information on all flows seen through a router interface, such as source, destination, service, time, bytes transferred and number of flows. This data can provide enough information to allow for simple anomaly detection (deviation from a baseline) with either standard averaging or prediction algorithms to estimate the normal behavior and, once an anomaly has been detected, to detail which port or ports and which sources are the sources of the attack.
The student will have to develop the concept for efficient baselining, detection of anomalies and port identification, and implement the developed principles. Additionally, if time allows, sources can also be derived from the data. Finally, the student will have to integrate the implementation with external code to deploy countermeasures.
- Abstract
Secure Identification Technologies
- Supervisor: Dr. Philippe Oechslin
- Status: complete (Urs Nyffeler, SSC, In collaboration with Philips)
- Type: Diploma
- Description: Integrating biometrics on mobile platforms. In this project, face recognition technology (developed in cooperation with Technical University of Eindhoven) will be integrated on a mobile platform. In addition, research questions in the direction of securing the templates will be addressed. Work in this field must result in a working demonstrator, and strategies/implementations for securing the associated biometric templates.
- Abstract
Summer semester 2004
AUTODAFE: an Act of Software Torture
- Supervisor: Dr. Philippe Oechslin
- Status: complete (Martin Vuagnoux, SSC, In collaboration with the University of Cambridge)
- Type: Diploma
- Description: After two earlier semester projects, a tool was developed to automatically find vulnerabilities in existing software. A prototype has been successfully used to find security bugs in FTP and POP3 servers. The goal of this project is to take the basic ideas of the project to the next level by implementing a tool that a) acts like a transparent proxy such that it can test both servers and clients, b) uses probes on the tested systems (e.g. valgrind) to detect potential vulnerabilities, and c) adapts easily to a wide range of protocols. Strategies will be developed to reduce the state space of the bug hunting and to direct the search toward probable vulnerabilities.
- Abstract
Bluetooth Security
- Supervisor: Prof. Serge Vaudenay
- Status: complete (Thomas Peyrin, CPE Lyon)
- Type: Diploma
- Description: We study security protocols in Bluetooth, investigate potential vulnerabilities, and propose ways to repair them. We will first focus on the key exchange protocols, then the authentication protocols, and finally the encryption schemes. We will further develop tools for experimenting with Bluetooth protocols (sniffer, ...) and for demonstration purposes.
- Abstract
Formal verification of security protocols
- Supervisor: Dr. Philippe Oechslin
- Status: complete (Nicolas Tissot, SSC, Project in collaboration with NTT Communication Science Laboratories, Kyoto, Japan)
- Type: Diploma
- Description: To study methods for automatically verifying required security properties, such as authentication and integrity, of given protocols. In this internship research, we first survey past attempts at formal verification of security protocols using various methods, and learn the basic formalizing and proving techniques of the spi calculus. Then, we identify a difficult problem not solved so far and introduce a new method which solves it in the framework of the spi calculus.
- Abstract
Winter semester 2004
Analysis and optimizations of a key distillation protocol in quantum cryptography
- Supervisor: Prof. Serge Vaudenay
- Status: complete (Olivier Gay, IN, Project in collaboration with ID Quantique)
- Type: Diploma
- Description: The purpose of the project is to analyze and optimize a protocol for key distillation in a quantum cryptographic scheme.
- Abstract
Analysis of game based proofs for encryption schemes in the random oracle model
- Supervisor: Prof. Serge Vaudenay
- Status: complete (Velik Bellemin, SSC, In collaboration with NTT Communication Science Laboratories Kyoto)
- Type: Diploma
- Description: Agent systems are executed on a huge and open network environment, and there is a greater chance that attackers target the systems. In order to prevent this, we have to introduce several new types of security protocols. We are then involved in proving the correctness of those newly developed protocols. Confirming the correctness of security protocols is an important and difficult task. Recently, the random oracle model was introduced to prove correctness, and it brings some patterns to the proof outline, although most of it still depends on the mathematician's reasoning. In this research, we analyze many proofs based on the random oracle model, derive more detailed patterns among them and formalize the patterns. Moreover, we aim at mechanization of the proof procedure so that proofs are automatically generated to some extent by theorem provers from a given algorithm and the required correctness statements.
- Abstract
GPRS overbilling attacks
- Supervisor: Dr. Philippe Oechslin
- Status: complete (Bertrand Ndzana Ndzana, Project in collaboration with Orange)
- Type: Diploma
- Description: Mobile operators need to guarantee that their GPRS customers are billed exactly according to the volume of data they requested and received. GPRS overbilling attacks allow sending unsolicited data to an arbitrary customer and thus increasing the customer's bill in an abnormal way. New products are now available for mobile operators to protect themselves from this type of attack. The goal of the project is to improve existing attacks. The project requires developing, implementing and demonstrating the attacks as well as proposing new protection methods.
- Abstract
On the security of ZIP files
- Supervisor: Dr. Philippe Oechslin
- Status: complete (Erwann Wernli, IN)
- Type: Diploma
- Description: Implement two attacks on encrypted zip files (one based on known plaintext by Biham & Kocher, and an extension of it based on predictable random numbers by Stay) in order to recover the files in less than an hour. The goal of this project is also to find optimisations that either reduce the amount of known information needed or increase the speed of cracking, possibly by using precomputed data.
- Abstract
VoIP Security
- Supervisor: Dr. Philippe Oechslin
- Status: complete (David Schmid, SSC, In collaboration with Swisscom)
- Type: Diploma
- Description: Exploration of innovative security and encryption concepts for secure telephony over the Internet.
- Abstract
Web applications security - Automation of vulnerabilities assessment
- Supervisor: Dr. Philippe Oechslin
- Status: complete (Sébastien Gacond, IN, In collaboration with Unicible)
- Type: Diploma
- Description: The proposed diploma work consists of developing a security concept for web applications and implementing mechanisms for automatic checking and reporting.
The aim would be to propose a security concept for web applications and to write a script that would verify every point in the concept and return reports, so as to automate these tasks. This would require from the student:
- Identification of known vulnerabilities in web applications
- Study of concepts and mechanisms for application security
- Identification of available application audit products (proprietary and open source)
- Design of an architecture to put in place for verification/audit
- Implementation
- Abstract
Summer semester 2003
A Generalization Of Linear Cryptanalysis
- Supervisor: Prof. Serge Vaudenay
- Status: complete (Thomas Baigneres, SSC)
- Type: Diploma
- Description: Linear cryptanalysis is a generic attack that has been successfully applied against some widely used ciphers like the Data Encryption Standard (DES). By generalizing some concepts of this theory, it may be possible to break some ciphers like the Advanced Encryption Standard (AES) that were designed to resist it. The main goal of this diploma work is to explore this possibility.
- Abstract
GPRS Overbilling Attacks Detection
- Supervisor: Dr. Philippe Oechslin
- Status: complete (Aurélie Vallet, SSC, Project in collaboration with Orange)
- Type: Diploma
- Description: Protection from overbilling attacks is important for operators to implement GPRS volume-based billing. The goal of this project is to develop an active intrusion detection system that detects GPRS overbilling attacks and prevents them by actively reconfiguring GPRS firewalls. The project requires developing specific modules for an existing intrusion detection system.
- Abstract
Integrating medium-oriented and network-oriented DRM technologies
- Supervisor: Dr. Philippe Oechslin
- Status: complete (Martin Garcia, SSC, Project in collaboration with Philips Netherlands)
- Type: Diploma
- Description: In this project an integrated approach needs to be developed to bring together the medium-oriented copy protection technologies and the network-oriented DRM technologies. More specifically, the focus will be on import and export of medium-bound legacy or copy-protected content into and from so-called Authorized Domains, which is a home-network-oriented DRM technology. The solution may include various content protection and identification technologies such as cryptography, key management, rule management, watermarking, and/or fingerprinting.
- Abstract
PKI Deployment Considerations
- Supervisor: Dr. Philippe Oechslin
- Status: complete (Pierre Scholtes, SSC, Project in collaboration with Unicible)
- Type: Diploma
- Description: The project consists of performing research and analysis to deliver a documented and tested solution that would provide proper criteria and configuration definitions for multiple CAs in order to establish a coherent PKI-based system. The project involves research into the types of PKI distributed trust architectures and defining how an independent CA has to be designed and implemented in order to allow integration of the CA into the hierarchy of a PKI as seamlessly as possible, without re-issuing all the certificates within the realm of that CA. It also involves analysing the structure of the certificates to be issued and defining the field contents. Open-source PKIs (OpenCA, IDX-PKI) will be used to assist in conducting the required testing.
- Abstract
Winter semester 2003
Strengths and weaknesses analysis of the industrial security standards TCPA and Finread
- Supervisor: Prof. Serge Vaudenay
- Status: complete (Florent Mahoudeau, SSC)
- Type: Diploma
- Description: The purpose is to make a study of two emerging security standards in the industry that try to offer hardware security in the PC environment and in smart card readers. The analysis needs to cover software and hardware solutions.
Diploma work in Nagra
- Abstract
Winter semester 2001
EasyRide: Risk analysis and security concepts
- Supervisor: Prof. Serge Vaudenay
- Status: complete (Stefan Aeschbacher, IN-Diploma)
- Type: Diploma
- Description: Security analysis of EasyRide, a new system for CFF intended to replace train tickets by contactless smart cards.
- Abstract
Summer semester 2000
Linear cryptanalysis of DES
- Supervisor: Prof. Serge Vaudenay
- Status: complete (Pascal Junod, ETHZ-DI-Diploma Work)
- Type: Diploma
- Description: Experiment and analysis of Matsui's linear cryptanalysis on DES. This attack method was published in 1994, but no statistical analysis was possible at that time because computers were not fast enough. In this project, we first implement an efficient DES function, then run Matsui's attack and finally make a statistical analysis of its complexity.
- Abstract
Doctoral School Projects
Winter semester 2009
On the complexity of distinguishing distributions
- Supervisor: Prof. Serge Vaudenay
- Status: complete (Pouyan Sepehrdad)
- Type: Graduate School
- Description: Analyze several distinguishers on toy random sources and how to carry out generalized linear cryptanalysis in a group of order 10.
- Abstract
Summer semester 2002
Cryptanalysis of A5/1
- Supervisor: Prof. Serge Vaudenay
- Status: complete (Yi Lu, SSC Graduate School)
- Type: Graduate School
- Description: Implement the attack proposed by Biryukov, Shamir and Wagner against A5/1, a cipher used in the GSM world.
- Abstract
Discrete logarithm algorithm in elliptic curves of trace one
- Supervisor: Prof. Serge Vaudenay
- Status: complete (Jean Monnerat, SSC Graduate School)
- Type: Graduate School
- Description: This project aims to understand and implement an algorithm in order to be able to compute discrete logarithms in elliptic curves over a finite field whose trace of Frobenius is one.
- Abstract
Fair exchange for terminodes
- Supervisor: Prof. Serge Vaudenay
- Status: complete (Gildas Avoine, SSC Graduate School)
- Type: Graduate School
- Description: This project aims to survey fair exchange techniques and the terminodes security architecture, and to propose a dedicated fair exchange protocol.
- Abstract
Summer semester 2000
Implementation and Comparison of Several Public Key Cryptosystems
- Supervisor: Prof. Serge Vaudenay
- Status: complete (Zoran Despotovic, SC-Graduate School)
- Type: Graduate School
- Description: Implementation and comparison of several public key cryptosystems.
- Abstract
Semester Projects
Winter semester 2011
Cryptanalysis of the Simple Substitution Cipher
- Supervisor: Prof. Serge Vaudenay
- Status: complete (Iosif Spulber)
- Type: Semester
- Description: The aim of this project is the development of an algorithm for automated cryptanalysis of the simple substitution cipher.
- Abstract
Design of a code-based cryptosystem
- Supervisor: Prof. Serge Vaudenay
- Status: complete (Alexandre Duc)
- Type: Semester
- Description: The goal of this project is to design an extension of the TCHo cryptosystem using well-known hard problems in coding theory. In particular, we try to base our security on the learning parity with noise problem and the minimum distance problem.
- Abstract
Iteration Techniques for Compression Hash Functions
- Supervisor: Mr. Petr Susil
- Status: complete (Sonia Bogos)
- Type: Semester
- Description: The goal of this project is to make a comparative study of the iterative techniques used on compression hash functions. The study will present constructions like Merkle-Damgård, Enveloped MD, Offset MD, Strengthened MD, Prefix-tree MD, Shoup, HAIFA, Tree Hash (MD6), sponge; the properties they preserve (Coll, Sec, aSec, eSec, Pre, aPre, ePre, pseudorandom preserving, almost uniform distribution preserving); and different attacks on iterative functions (generic attacks, Joux, Kelsey-Schneier, Nostradamus attack, etc.).
- Abstract
Quantum-based authentication protocol
- Supervisor: Mr. Petr Susil
- Status: complete (David Klopfenstein)
- Type: Semester
- Description:
- Analyze the current authentication protocols and their associated levels of security
- Build a new multi-factor authentication protocol using one of the best current security tools: Quantum Key Distribution (QKD) systems
- Implement a prototype of the protocol in C++
- Install a concrete quantum network to test the protocol
- Abstract
Winter semester 2010
Gröbner Basis Algorithms Evaluation
- Supervisor: Mr. Pouyan Sepehrdad
- Status: complete (Monica Perrenoud)
- Type: Semester
- Description: One of the main applications of Gröbner basis algorithms is to solve the system of polynomial equations extracted from the structure of symmetric ciphers, but the main drawback of even the most efficient implementations of the algorithm is memory: they quickly explode in memory and the program crashes. The student is expected to read and understand various Gröbner basis algorithms (many books are available), to evaluate specifically the two algorithms of Faugère called F4 and F5 over GF(2), and to report clearly their restrictions and advantages and how exactly they work. Depending on the time available, the student may be asked to run different systems of equations under the PolyBoRi framework within SAGE, or PolyBoRi alone, which is currently the most efficient framework for computing the Gröbner basis of an ideal, in order to evaluate the efficiency of PolyBoRi.
- Abstract
On Hiding Message Length in Symmetric-key Cryptography
- Supervisor: Prof. Serge Vaudenay
- Status: complete (Cihangir Tezcan)
- Type: Semester
- Description: Symmetric-key encryption does not hide the message length, and the length may reveal some information about the message itself. This project aims to formalize the random-length padding technique, to measure the leakage, to define the appropriate secrecy notion, and to examine protocols that require the message length to be hidden.
- Abstract
Primeless Cryptography
- Supervisor: Prof. Serge Vaudenay
- Status: complete (Ehsan Kazemi)
- Type: Semester
- Description: The objective is to study the feasibility of building public-key cryptographic primitives based on number theory without using prime numbers.
- Abstract
Quasi-groups in symmetric cryptography
- Supervisor: Mr. Petr Susil
- Status: complete (Nouredine Hussain)
- Type: Semester
- Description: Quasi-groups have been used in several cryptographic primitives since they may provide security guarantees based on hard instances of satisfiability, or similar problems. The quasi-group operations are usually very fast and can be used to build efficient primitives. These primitives include Edon-R, a first-round SHA-3 candidate, the eSTREAM cipher Edon80, and other designs.
The goal of the survey is to look into the existing literature, to understand the requirements on quasi-groups that are the building blocks of stream ciphers and hash functions, and to look at efficient implementations of the corresponding cryptosystems, for instance the Edon-R hash function and the Edon80 stream cipher, and the corresponding attacks.
- Abstract
Summer semester 2009
Mistrusting Sellers and Malicious Buyers
- Supervisor: Mr. Rafik Chaabouni
- Status: complete (Teodora Kostic)
- Type: Semester
- Description: This project aims to survey existing buyer-seller watermarking and fingerprinting protocols; to implement one or two seemingly secure protocols and demonstrate their (in)security.
- Abstract
When Passwords are Sufficient for Exchanging Keys among Humans
- Supervisor: Mr. Khaled Ouafi
- Status: complete (Antoine Amiguet)
- Type: Semester
- Description: The aim of this project is to survey existing security models for password-based authenticated group key exchange protocols, e.g. those derived from Burmester-Desmedt and Bresson et al.; to implement the latest secure protocols and verify whether current models are sufficient.
- Abstract
Winter semester 2009
Analysis of lightweight functions (Armadillo)
- Supervisor: Prof. Serge Vaudenay
- Status: complete (Petr Susil)
- Type: Semester
- Description: The student should analyze the security of the ARMADILLO cryptographic primitive by Oridao and try to propose a lighter design.
- Abstract
Approximation of carry bits in XAR hash functions
- Supervisor: Prof. Serge Vaudenay
- Status: complete (Petr Susil)
- Type: Semester
- Description: XAR hash functions are non-linear due to the relationship between addition and the XOR operation. The aim of the project is to develop a tool for approximating addition in XAR hash functions using multivariate equations of low degree, and to discuss limitations and possible attacks based on such an approximation.
- Abstract
CAPTCHA
- Supervisor: Mr. Khaled Ouafi
- Status: complete (Daniel Domingues)
- Type: Project 2
- Description: In this project we survey existing techniques to tell humans and computers apart, techniques to defeat them, and applications. We investigate alternative solutions. This will continue a previous project. Dedicated applications may be considered, such as an interface with an anti-spam application, or access control to some specific web site.
- Abstract
Cryptanalysis of MIBS Block Cipher
- Supervisor: Prof. Serge Vaudenay
- Status: complete (Asli Bay)
- Type: Semester
- Description: The student focuses on cryptanalysis of the MIBS lightweight block cipher and tries to find weaknesses in the design.
- Abstract
Identity-based encryption
- Supervisor: Mr. Rafik Chaabouni
- Status: complete (Alexandre Duc)
- Type: Project 1
- Description: The project consists of studying and implementing the so-called identity-based encryption algorithms. This is based on the mathematical notion of pairing.
- Abstract
KeeLoq
- Supervisor: Mr. Pouyan Sepehrdad
- Status: complete (Robert R. Enderlein)
- Type: Semester
- Description: KeeLoq is a proprietary block cipher used by Chrysler, Daewoo, Fiat, GM, Honda, Toyota, Volvo, VW, Jaguar, etc. to remotely open and/or start cars. In 2007, researchers from K.U. Leuven in cooperation with colleagues from Israel found a new attack against the system. Using the details of the algorithm that were leaked in 2006, the researchers started to analyze its weaknesses. After determining the part of the key common to cars of a specific model, the unique bits of the key can be cracked with only sniffed communication between the key and the car, e.g. unlocking. The objective of this project is to understand and implement the KeeLoq attacks and possibly to test them in real life.
- Abstract
Rethinking the PKI Trust Model
- Supervisor: Mr. Rafik Chaabouni
- Status: complete (Sabrina Perez)
- Type: Semester
- Description:The goal is to develop a tool (add-on?) for a browser to help human users to control the trust model for PKIs.
- Abstract
Selling train tickets by SMS
- Supervisor: Mr. Khaled Ouafi
- Status: complete (Steven Meyer)
- Type: Semester
- Description:The project consists of studying how to securely sell train tickets with mobile technology, possibly using the MOVA undeniable signature.
- Abstract
Surveys Database
- Supervisor: Mr. Khaled Ouafi
- Status: complete (Sandrine Bouvier)
- Type: Projet 2
- Description:Develop a web-based application generating random surveys (quizzes) for a selected level and/or a specific chapter.
- Abstract
TCHo implementation in hardware
- Supervisor: Mr. Rafik Chaabouni
- Status: complete (Vincent Bindschaedler)
- Type: Semester
- Description:The purpose is to implement the TCHo public-key cryptosystem in hardware. An application to RFID can be studied as well.
- Abstract
The Learning Parity With Noise Problem in Cryptography
- Supervisor: Prof. Serge Vaudenay
- Status: complete (Asli Bay)
- Type: Semester
- Description:In the project, I am going to look at connections between the hardware-oriented trapdoor cipher TCHo and the LPN problem. In addition, I am going to construct an IND-CCA secure scheme for TCHo.
- Abstract
Total complexity of generic algorithms
- Supervisor: Mr. Pouyan Sepehrdad
- Status: complete (Alexandre Duc)
- Type: Semester
- Description:The goal is to analyze the total complexity of several algorithms that can be used to break cryptographic schemes in a generic way. A distributed implementation part may be foreseen.
- Abstract
Summer semester 2008
Incremental Hash Functions for Message Authentication
- Supervisor: Mr. Khaled Ouafi
- Status: complete (Jean Respen)
- Type: Semester
- Description:The idea of an incremental hash function is that you only need to do a normal hash computation on a message m once, the first time. Afterwards, if slight changes are made to m, you don't have to recompute the hash from scratch, but can compute the new hash output from the initial one with much less computation.
This is certainly desirable in practical situations where you have a large message that you update (meaning minor changes), so you want the corresponding update of the hash output to be fast.
This project is also in line with the upcoming US National Institute of Standards & Technology (NIST) advanced hash standard (nicknamed AHS). One of the proposed criteria is that one should be able to construct a secure message authentication code from the hash function standard.
The purpose of this project is to review existing design paradigms and constructions for incremental hash functions, and to analyze the security of these constructions in applications where they are used to build the message authentication code schemes HMAC and NMAC.
- Abstract
Winter semester 2008
Attack on IPSEC in non-authenticated mode
- Supervisor: Mr. Martin Vuagnoux
- Status: complete (Nebil Mansour & Beyrem Merdassi)
- Type: Semester
- Description:In this project, we implement an attack presented at Eurocrypt 2006 which consists of breaking IPSEC when authentication is not used.
- Abstract
Diffie-Hellman vs Discrete Logarithm
- Supervisor: Mr. Sylvain Pasini
- Status: complete (Jonathan Kuhn)
- Type: Semester
- Description:Study equivalence results between the Diffie-Hellman problem and the Discrete Logarithm problem, based on a result by Maurer.
- Abstract
RFID
- Supervisor: Mr. Khaled Ouafi
- Status: complete (Donato Verardi)
- Type: Semester
- Description:Study and/or implement various RFID protocols. Study security and privacy issues.
- Abstract
Summer semester 2007
Bluetooth v2.1
- Supervisor: Dr. Raphael Phan
- Status: complete (Patrick Mingard)
- Type: Projet 2
- Description:Implementation of the Diffie-Hellman protocol on elliptic curves for the Bluetooth v2.1 standard.
- Abstract
Breaking SSH in a second using cache attack
- Supervisor:
- Status: complete (Thomas Kunz)
- Type: Projet 2
- Description:At CT-RSA '06, Osvik, Shamir and Tromer proposed a cache attack against AES. They recovered the AES secret key within 65 milliseconds!
The idea of this project is first to understand and implement this attack, and then to make it really efficient against OpenSSH.
- Abstract
Generic Algorithms for (Pseudo-)Collisions Search on Hash Functions
- Supervisor: Mr. Thomas Baignères
- Status: complete (Ioan Moraru)
- Type: Projet 2
- Description:Because of the Birthday Paradox, it is known that the output bit-length of a hash function should be roughly twice as large as the targeted security level. The aim of this project is to study and implement various generic algorithms (i.e., ones that apply to any given hash function such as MD5 or SHA1) that allow one to find collisions on the hash function. As typical hash output lengths are too large, the objective here is to find pseudo-collisions, i.e., two distinct inputs that collide on the greatest possible number of bits. During the 2005 Crypto & Security Lectures, we proposed a challenge whose objective was to find such pseudo-collisions. Your objective will be to beat the best value that was reached at that time (73 consecutive bits on SHA1)! This project should review and implement well-known methods (e.g. Pollard rho, distinguished points) as well as more recent proposals (Adi Shamir suggested at Asiacrypt 2006 to take a look at Nivasch's algorithm).
- Abstract
Passive RFID Sniffer
- Supervisor: Mr. Martin Vuagnoux
- Status: complete (Eric Bisolfati)
- Type: Projet 2
- Description:The objective of this project is the implementation of a passive RFID sniffer able to eavesdrop on the communication between tags
- Abstract
Secure VoIP
- Supervisor: Mr. Sylvain Pasini
- Status: complete (Michael Jubin)
- Type: Projet 2
- Description:The aim of this project is to implement a voice over IP telephone which allows secure communications.
The application should be compatible with all SIP-based applications. Each instance starts in an insecure mode and switches into a secure mode after a key agreement. The key agreement is an additional module which uses the SAS-based authenticated key agreement from Pasini and Vaudenay [PKC '06].
A demo (without SIP-compatibility) is running here.
- Abstract
Winter semester 2007
Nostradamus attack
- Supervisor: Mr. T. Baignères and M. Finiasz
- Status: complete (Amélie Magnin)
- Type: Projet 2
- Description:In this project, we implement an attack presented at Eurocrypt 2006 which consists of breaking hash functions in a commitment mode.
- Abstract
Summer semester 2006
Break WEP faster with statistical analysis
- Supervisor: Mr. Martin Vuagnoux
- Status: complete (Rafik Chaabouni)
- Type: Projet 2
- Description:In order to break WEP encryption, the Fluhrer, Mantin and Shamir attack is generally applied (Kismet, Airsnort, etc.). In 2004, a hacker called Korek proposed 17 new statistical attacks. Whereas 4 million packets were necessary with the FMS attack, only 300'000 are needed with Korek's attacks for a 104-bit key (see aircrack). The goal of this project is to understand how the Korek attacks work and to improve them in order to reduce the number of packets needed.
- Abstract
Breaking GPG v1.2.3
- Supervisor: Mr. T. Baignères and M. Finiasz
- Status: complete (Sébastien Chatelanat)
- Type: Projet 2
- Description:GNU Privacy Guard (GPG) is a very well known (and very widely used) cryptographic software. It is the open source implementation of Zimmermann's famous software PGP and is distributed in a very wide range of GNU/Linux distributions (e.g. SuSE, RedHat, Debian, ...). It is also available for other platforms (such as Windows). At Eurocrypt'04, a French researcher showed that ElGamal signatures in GPG v1.2.3 (and preceding versions) were flawed. More precisely, given only one ElGamal signature, an adversary can recover the signer's private key (in less than a second on a PC)! Due to this flaw, the ElGamal signing feature was removed in subsequent releases of GPG. The aim of this project is to understand the attack and to implement a nice demo software illustrating the power of the attack!
- Abstract
Collisions on MD4
- Supervisor: Mr. T. Baignères and M. Finiasz
- Status: complete (Sergio Domingues)
- Type: Projet 2
- Description:MD4 and MD5 are cryptographic hash functions. As such they should be resistant to collision search, meaning that it should be hard (computationally speaking) to find two distinct inputs x and y such that h(x) = h(y). Hash functions are fundamental primitives used, for example, in digital signatures. At the rump session of Crypto'04, Xiaoyun Wang, Dengguo Feng, Xuejia Lai, and Hongbo Yu announced collisions on MD5. One year later, at Eurocrypt'05, those researchers published two articles explaining how they found collisions on MD4 and MD5. Since the publication of these articles, several refinements have been proposed. At this time, finding collisions on MD4 should not take more than a second on a standard PC, and finding collisions on MD5 should not take more than a few hours. The objective of this project is to understand and implement these attacks.
- Abstract
Listening GSM communication: Cipher-only attack on A5/1
- Supervisor: Mr. Martin Vuagnoux
- Status: complete (Andrei Damian)
- Type: Projet 2
- Description:In 2005, Barkan and Biham proposed a new attack on A5/1. With only 3-4 minutes of eavesdropped conversation, it is possible to decrypt the data with a success rate of about 91%. The goal of this project is to understand the attack and to implement a tool able to decrypt a real GSM communication.
- Abstract
Voice over IP Security
- Supervisor: Dr. Philippe Oechslin
- Status: complete (Taher Balafrej)
- Type: Projet 2
- Description:Not important
- Abstract
Winter semester 2006
.NET security thanks to obfuscation
- Supervisor: Dr. Matthieu Finiasz
- Status: complete (Frédéric Hamel, Erasmus, CPE Lyon, France)
- Type: Projet 2
- Description:.NET is a new technology by Microsoft that aims at more productivity in software development. Unfortunately, .NET is pretty weak against reverse engineering. The goal of this project is to find solutions to protect the intellectual property and security of software through obfuscation.
- Abstract
Cryptography over elliptic curves
- Supervisor: Mr. Baignères and Mr. Monnerat
- Status: complete (Alexandre Karlov, SSC)
- Type: Projet 2
- Description:Implementation of a computation toolbox for elliptic curves, and implementation of cryptographic algorithms over elliptic curves.
Can lead to a diploma work in industry.
- Abstract
Human computation and Turing tests
- Supervisor: Mr. Martin Vuagnoux
- Status: complete (François Bonzon, SIN)
- Type: Projet 2
- Description:Study what kinds of computation can easily be done by human beings but are hard for computers. Implement access control applications to fight robots, spam, ...
- Abstract
Projective Coordinates Leak
- Supervisor: Mr. Baignères and Mr. Monnerat
- Status: complete (Marc Stöcklin, SSC)
- Type: Projet 2
- Description:The goal of this project consists in studying and implementing a method of Naccache, Smart and Stern presented at Eurocrypt 2004 which allows one to retrieve some bits of the secret exponent of a scalar point multiplication on an elliptic curve. They thus showed that the use of projective coordinates decreases the security of some cryptographic primitives based on the elliptic curve discrete logarithm problem.
- Abstract
Summer semester 2005
Attacks on Radio Frequency Identification Protocols
- Supervisor: Mr. Gildas Avoine
- Status: complete (Etienne Dysli, IN)
- Type: Projet 2
- Description:Radio Frequency Identification (RFID) systems aim to identify objects in open environments with neither physical nor visual contact. They consist of transponders inserted into objects, of readers, and usually of a database which contains information about the objects. The key point is that authorised readers must be able to identify tags without an adversary being able to trace them.
This year, at the Conference on Computer and Communications Security (ACM CCS'04), Molnar and Wagner proposed an RFID protocol which is proven secure in terms of privacy but which is no more efficient than other RFID protocols. They then suggested a generic technique to improve the efficiency of their protocol, thereby reducing the complexity of an identification from O(n) to O(log n), where n is the number of tags within the system. Unfortunately, their scheme seems to suffer from some flaws, thereby threatening privacy.
The purpose of this project is to carefully analyse this protocol in order to determine whether or not the attack is valid. Depending on the result, i.e., whether the attack works or not, the student will have to propose a patch to fix the protocol or a way to further improve its efficiency.
- Abstract
Side-Channel Attack against RSA OAEP
- Supervisor: Mr. T. Baignères and M. Finiasz
- Status: complete (Fabrice Cédric Nansi)
- Type: Projet 1
- Description:Implement Manger's attack against RSA-OAEP as implemented in PKCS1 v2.0 which was presented at Crypto '01.
- Abstract
SPAM Control using Tokens and Signatures
- Supervisor: Prof. Serge Vaudenay
- Status: complete (Roman Schlegel)
- Type: Projet 2
- Description:Develop an application to generate email addresses which can be used only once or which expire, revocable email addresses with cookies for traitor tracing, and tools to manage them. Efforts to make it user friendly and transparent. Fight spam.
- Abstract
Winter semester 2005
Building a platform and user identification mechanism using Trusted Computing
- Supervisor: Dr. Philippe Oechslin
- Status: complete (Marco Ricca, SSC)
- Type: Projet 2
- Description:This project will focus on adding new features and modularization to the project based on Trusted Computing, developed as part of a placement semester at HP Labs, Bristol. A prototype of a VPN solution was developed, using the Trusted Platform Module (TPM) to vouch for the identity of the platform used by the Road Warrior. This prototype is to be further developed and standardized in order to be implementable in different kinds of infrastructure. The work shall be carried out in collaboration with the Trusted Systems Lab at the Hewlett-Packard Laboratories European headquarters in Bristol, UK.
- Abstract
Generic Homomorphic Signature Scheme: Optimizations
- Supervisor:
- Status: complete (Yvonne Anne Oswald)
- Type: Projet 2
- Description:Undeniable signatures are digital signatures which protect the privacy of the signer: a signer can sign any digital document, and the signature can be verified through an interactive protocol together with the signer. A new undeniable signature scheme was proposed by EPFL. It makes it possible to have very short signatures (typically 20 to 30 bits). This project follows another project consisting of implementing this undeniable signature scheme (MOVA). The aim of this project is to implement some additional protocol variants as well as to study optimization techniques such as multi-exponentiation.
- Abstract
Man in the middle attack against a Cisco 3000 VPN concentrator
- Supervisor: Dr. Philippe Oechslin
- Status: complete (Sébastien Mathieu, SSC)
- Type: Projet 2
- Description:When Group Passwords are used as the pre-shared key during Internet Key Exchange (IKE) Phase 1 in the XAUTH protocol, the user name and password in XAUTH are transmitted over the network encrypted only by the Phase 1 IKE security association (SA), which in this case is derived from the Group Password. Since Group Passwords are easily recoverable by anyone having a VPN client, a malicious user will have the ability to either hijack a connection from a valid user or pose as a VPN head end to steal user names and passwords. In this project we aim at emulating a VPN head end server under Linux in order to demonstrate the theft of Username/Password pairs.
- Abstract
Watch-out: Data-Mining illegal web sites
- Supervisor: Dr. Philippe Oechslin
- Status: complete (Frederic Keller and Sergio Domingues, SSC, Project in collaboration with the Swiss Watch Industry (FH))
- Type: Projet 1
- Description:The Internet has become a popular place for selling illegal, stolen or fake products. It gives a large exposure while keeping the seller anonymous to some extent. The goal of this project is to develop a tool that, given the URL of a web site, will search all information available about the site, like the holder of the domain name, the host of the web site, the owner of the IP address, the holder of the e-mail addresses cited on the site and more. The tool will also make a copy of the web site for archiving and will enter the collected data into a database. A simple interface will allow querying the database. This project is carried out in collaboration with the Federation of the Swiss Watch Industry (FH), which fights against the selling of fake watches over the Internet. An excellent project will be rewarded with a special prize by the FH.
- Abstract
Why Textbook ElGamal and RSA Encryption Are Insecure
- Supervisor: Mr. Thomas Baignères
- Status: complete (Sylvain Pasini, SSC)
- Type: Projet 2
- Description:At Asiacrypt'00, Boneh, Joux, and Nguyen showed why textbook ElGamal and RSA encryption are insecure. The aim of this project is to understand the reason why the textbook versions of these schemes are insecure, and to implement some of the experiments made in the original publication.
- Abstract
Summer semester 2004
Breaking A5/1
- Supervisor: Ms. Lu Yi
- Status: complete (Alexandre Karlov)
- Type: Projet 1
- Description:Stream ciphers are widely used in real-world mobile communications. The main purpose of this project is to implement a fast attack against A5/1 (the encryption algorithm in GSM) by Patrik Ekdahl and Thomas Johansson, and to gain real experience with practical stream ciphers. The attack is supposed to take 5 minutes with a success probability of 70% on a single PC of average hardware specification.
- Abstract
Breaking WEP encryption
- Supervisor: Dr. Philippe Oechslin
- Status: complete (David Huerlimann & Patrik Bless)
- Type: Projet 1
- Description:The goal of this project is to analyze the known weaknesses of the WEP encryption for wireless LANs. The students will implement a tool that demonstrates the vulnerabilities by recovering a key from an encrypted stream of traffic. Different options of the attack will be studied and their efficiency compared.
- Abstract
Ciphertext Only Attack on GSM
- Supervisor: Dr. Philippe Oechslin
- Status: complete (Cédric Renouard)
- Type: Projet 2
- Description:The goal of the project is to implement the attack on GSM encryption suggested by Barkan, Biham and Keller at Crypto 2003. All parts of the attack will be implemented. The precomputation time for the time-memory trade-off involved in the attack will be estimated through measurements and through analysis.
- Abstract
Making Presentations with LaTeX
- Supervisor: Prof. Serge Vaudenay
- Status: complete (Xavier Perseguers)
- Type: Projet 2
- Description:The prosper package was proposed in order to make animated presentations with LaTeX, based on pstricks. One drawback is that it does not work with pdflatex and it produces enormous documents with encapsulated PostScript figures. It also has bugs. The purpose of this project is to reimplement the prosper package in a more portable way.
- Abstract
Monitoring Chat Users
- Supervisor: Dr. Philippe Oechslin
- Status: complete (Nicolas Bonvin)
- Type: Projet 2
- Description:A tool has been developed for monitoring users of various chat systems. It is being used by the police to monitor trading of illegal material by Swiss Internet users. The goal of this project is to make the current tool more robust, to collaborate with an inspector in order to develop advanced features, and to adapt the tool to additional chat systems.
- Abstract
New Applications of the Time-Memory Trade-Off
- Supervisor: Dr. Philippe Oechslin
- Status: complete (Andreas Huber, SSC)
- Type: Projet 1
- Description:At Lasec we have developed an efficient cryptanalytic time-memory trade-off and used it to crack Windows passwords instantly. The goal of this project is to implement a trade-off to crack other protection schemes and to experiment with new optimizations of the method. Possible targets are MS-Kerberos, the MS NTHash, WEP and the file protection schemes of various applications. The first task in this project will be to find a target that is vulnerable to precomputed attacks.
- Abstract
RFID tags replacing bar codes: Privacy issues and practical solutions
- Supervisor: Mr. Gildas Avoine
- Status: complete (Aymeric Bulliard, SSC)
- Type: Projet 1
- Description:The goal of this project is to build up a file on Radio Frequency IDentification (RFID) technology. The student will have to study the RFID specifications in order to describe the technical aspects of these devices, their limits and their capabilities. Then the literature should be explored in order to produce a state-of-the-art survey of current research in terms of security.
This project is not implementation-oriented.
- Abstract
Undeniable Signatures on IPAQ
- Supervisor:
- Status: complete (Marouane Tlili)
- Type: Projet 2
- Description:The aim of this project is to implement an undeniable signature scheme on some IPAQs. This will consist in programming the different algorithms of the scheme. In particular, one of the main tasks concerns two protocols that require the participation of the signer and the recipient, i.e. some communication between two IPAQs in this case.
- Abstract
Winter semester 2004
File Encryptor on a Smartcard
- Supervisor: Mr. Gildas Avoine
- Status: complete (Ramun Berger, SSC)
- Type: Projet 2
- Description:The goal of this project is to design and implement a file encryptor using a smartcard. The tool will have to be designed for Linux.
- Abstract
Implementation of the quadratic sieve
- Supervisor:
- Status: complete (Cédric Tissières, SSC)
- Type: Projet 2
- Description:The goal of this project is to implement the quadratic sieve in order to factorize some large numbers.
- Abstract
Non Adjacent Digit Sets for use in cryptographic primitives
- Supervisor:
- Status: complete (Thomas Peyrin, Erasmus CPE Lyon France)
- Type: Semester
- Description:Techniques for fast exponentiation have been extensively studied; one of them consists in using a non-adjacent representation of the exponent in order to minimize its Hamming weight. At SAC 2003, Douglas Stinson proposed an algorithm to determine if a digit set of the form {0,1,x} is a Non Adjacent Digit Set (NADS). He proved that such NADS exist and characterized infinite families of x such that {0,1,x} is a NADS.
The goal of this project is to study Stinson's paper, in particular to analyse its algorithms and to characterize infinite families of NADS.
- Abstract
Strong authentication using PaTHword
- Supervisor: Dr. Philippe Oechslin
- Status: complete (Pascal Reymond, SSC)
- Type: Projet 1
- Description:PaTHword cards are a convenient way of memorizing a large number of passwords using a printed card developed and patented by a Swiss company (CryptMe). The goal of this project is to create and implement a protocol to use PaTHword cards for strong authentication. A web based application using this protocol will be developed with all features necessary for an ergonomic use and management of the strong authentication system.
- Abstract
The security bug catcher, reloaded
- Supervisor: Dr. Philippe Oechslin
- Status: complete (Andreas Rueegg, SSC)
- Type: Projet 1
- Description:In a first semester project a tool was developed to automatically find vulnerabilities in existing software. A prototype has been successfully used to find security bugs in FTP servers. The goal of this project is to develop advanced algorithms that make the tool more efficient and to mount an attack against another type of server (e.g. HTTP, SMTP, IKE).
- Abstract
Summer semester 2003
Advanced Instant NT Password Cracker
- Supervisor: Dr. Philippe Oechslin
- Status: complete (Luca Wullschleger, SSC & Claude Hochreutiner, SSC)
- Type: Projet 2
- Description:An advanced time-memory trade-off method has been developed at Lasec. The goal of this project is to create an impressive demonstration of this method. The latest optimizations will be implemented and a massive precalculation effort will be run. A web based interface will demonstrate the results.
- Abstract
Cluster Management Software
- Supervisor: Dr. Pascal Junod
- Status: complete (Nicolas Bonvin, IN)
- Type: Projet 1
- Description:Often, the LASEC needs to manage computations requiring huge amounts of CPU power. The goal of this project is to study existing cluster management solutions, to choose one, and to install it on the LASEC computers so that it is possible to gather all the available computing power in a simple way.
- Abstract
Electronic Wallet on a Palm Pilot
- Supervisor: Mr. Gildas Avoine
- Status: complete (Gaetan Conti, IN)
- Type: Projet 2
- Description:The goal of this project is to implement an electronic wallet on a Palm Pilot.
The first stage of the project consists in studying the existing protocols in order to select one of them. The second stage consists in implementing the selected protocol.
- Abstract
Fingerprinting of images and films
- Supervisor: Dr. Philippe Oechslin
- Status: complete (Arnaud Burlet, IN)
- Type: Projet 2
- Description:The goal of this project is to develop a tool that will help police forces to search a seized computer for illegal material. Knowing the names of the sought files, their checksums and the classic archive formats, the tool will discover any matching files. A simple tool for managing the database of illegal material will also be developed.
- Abstract
Encrypting FileSystem for Gnu/Hurd
- Supervisor: Dr. Philippe Oechslin
- Status: complete (Marc Poulhies, IN)
- Type: Projet 1
- Description:This project consists of the implementation of an encrypting file-system for the GNU/Hurd operating system. The implementation will use the system abstraction of a "store" which will make it possible to use the encryption on different types of storage (device, files, memory, etc.)
- Abstract
NIS / NFS security
- Supervisor: Dr. Pascal Junod
- Status: complete (Sylvain Pasche, IN)
- Type: Projet 2
- Description:NIS is a UNIX service which makes it easy to manage a database of UNIX users. NFS, the Network File System, is a file system which is able to operate on remote machines. Often, NIS/NFS is used to allow people to log on to any machine in a LAN and get their data. It is well known that the NIS/NFS combination offers very poor security. The goal of this project is to study properly the security issues in NIS/NFS, to document them, and to write small programs exploiting these weaknesses.
- Abstract
Security Bug Catcher
- Supervisor: Dr. Philippe Oechslin
- Status: complete (Jan-Olivier fillols, SSC)
- Type: Projet 2
- Description:Create a tool that will automatically detect vulnerabilities in implementations of a given protocol (e.g. IMAP, POP3, IKE) using a general model of vulnerabilities and of the protocol.
- Abstract
Security Issues in the Andrew File System
- Supervisor: Dr. Pascal Junod
- Status: complete (Patrick Zehnder, IN)
- Type: Projet 2
- Description:An alternative to a NIS/NFS system (which allows one to manage a database of users and accounts in a UNIX environment) is a combination of AFS (Andrew File System) and Kerberos. One of the main advantages is an increased security level. The goal of this project is to study the security issues of an AFS/Kerberos installation, to identify potential security problems, to illustrate these problems by developing small exploits, and finally to write a detailed document describing the security-critical steps in the deployment of such a solution.
- Abstract
Winter semester 2003
Collisions on MD4
- Supervisor: Dr. Pascal Junod
- Status: complete (Arnaud Burlet, IN)
- Type: Projet 1
- Description:Implementation of Dobbertin's attack in order to forge collisions on the MD4 hash function.
- Abstract
Cracking ZIP
- Supervisor: Dr. Pascal Junod
- Status: complete (Fabrice Pasquier, SSC)
- Type: Projet 2
- Description:Implement two attacks on encrypted zip files (one based on known plaintext by Biham & Kocher, and an extension of it based on predictable random numbers by Stay) in order to recover the files in less than an hour. In case of diploma work: find optimisations that either reduce the amount of known information needed or increase the speed of cracking, possibly by using precomputed data.
- Abstract
Cryptographic Applications for iPAQ over Bluetooth
- Supervisor: Mr. Gildas Avoine
- Status: complete (Steve Vaquin, SSC & Jérôme Berclaz, SSC)
- Type: Projet 2
- Description:Implementation of cryptographic applications for iPAQ over Bluetooth.
- Abstract
Elliptic Curves Factorisation
- Supervisor:
- Status: complete (Thomas Baigneres, SSC)
- Type: Projet 2
- Description:The goal of this project is to understand and implement the ECM factorisation algorithm. This algorithm, due to Lenstra, uses elliptic curves in order to find the factorisation of a B-smooth integer n. The idea is that we perform some computations on an elliptic curve modulo n until we detect a computation error due to a division by a multiple of a prime factor of n.
- Abstract
IDS in Large Scale Networks
- Supervisor: Dr. Philippe Oechslin
- Status: complete (Alexandre Aellig, SSC)
- Type: Projet 1
- Description:The project context is the development of the IT security systems at CERN, which consist of two major parts:
- Creation of an intrusion detection system (IDS) distributed over the CERN network, composed of several sensors in order to detect specific types of attacks. The sensors can operate either at the network level (traffic scanning) or at the OS level, with IDS kernel modules or syslog parsers. The reports are centralized on a security server.
- Security prevention by servers scanning the network for potential security breaches and reporting to the security server.
An autonomous IDS sensor will be developed under Linux. It will be generic and easily configurable, and run as a kernel module. The sensor is destined to be deployed at large scale on CERN Unix workstations and will interact with the central security server. An opportunity to survey the current state of the art of IDS is given by the RAID2002 conference, which will be held in October in Zurich.
- Abstract
Key Ring Safe
- Supervisor: Prof. Serge Vaudenay
- Status: complete (Minh-Thanh Nguyen, SSC)
- Type: Projet 2
- Description:The project consists of developing an application which will manage the security of a set of secret keys.
- Abstract
Linux on iPAQ
- Supervisor: Mr. Gildas Avoine
- Status: complete (Guillaume Bisch, IN)
- Type: Projet 1
- Description:Experiment with the Linux OS on iPAQ and implement security applications.
- Abstract
Monitoring IRC User Migration
- Supervisor: Dr. Philippe Oechslin
- Status: complete (Vincent Magnin, SSC)
- Type: Projet 2
- Description:Implement a tool that monitors the migration of IRC users among channels, starting from a group of channels with a well known topic. Based on this data, discover new channels that have the same topic. Refine the analysis by category of users.
- Abstract
Power Analysis on smartcards
- Supervisor: Mr. Brice Canvel
- Status: complete (Numa Schmeder, SSC)
- Type: Projet 2
- Description:Experiment with differential power analysis on smart cards.
- Abstract
Secure Key Exchange
- Supervisor: Dr. Pascal Junod
- Status: complete (Jérémie Clergue, SSC)
- Type: Projet 1
- Description:We compare several key exchange protocols: EKE, PAK, PPK. We implement them and study their efficiency and security.
- Abstract
WEP and CBC-PAD attacks
- Supervisor: Prof. Serge Vaudenay
- Status: complete (Martin Vuagnoux, SSC)
- Type: Projet 2
- Description:The purpose is to study the attack of Canvel et al. against CBC-PAD in TLS and to investigate possible connections with attacks against WEP.
- Abstract
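The attack studied in this project, as an added example that is not part of the student's work: a padding-oracle attack on CBC with PKCS#5-style padding (n bytes of value n, the setting of Vaudenay's original paper; TLS lays its padding out slightly differently, with a length byte followed by bytes of that value, but the principle is the same). The Python standard library has no block cipher, so the code uses a toy 4-round Feistel network built on SHA-256; that is an assumption which does not affect the attack, since all it needs is a receiver that reveals whether the padding was valid. Key, IV and message are constructed.

```python
# Added example (not the project's code): padding-oracle attack on CBC-PAD.
# The block cipher is a toy SHA-256 Feistel network (assumption); the attack
# itself only uses the padding-valid/invalid answer of the receiver.
import hashlib

BLOCK = 16


def _round_function(key, rnd, half):
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:8]


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def block_encrypt(key, block):
    left, right = block[:8], block[8:]
    for rnd in range(4):
        left, right = right, _xor(left, _round_function(key, rnd, right))
    return left + right


def block_decrypt(key, block):
    left, right = block[:8], block[8:]
    for rnd in reversed(range(4)):
        left, right = _xor(right, _round_function(key, rnd, left)), left
    return left + right


def pad(data):
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n


def unpad(data):
    n = data[-1]
    if not 1 <= n <= BLOCK or data[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")
    return data[:-n]


def cbc_encrypt(key, iv, padded):
    out, prev = b"", iv
    for i in range(0, len(padded), BLOCK):
        prev = block_encrypt(key, _xor(padded[i:i + BLOCK], prev))
        out += prev
    return iv + out  # IV is transmitted as the first block


def cbc_decrypt(key, ciphertext):
    blocks = [ciphertext[i:i + BLOCK] for i in range(0, len(ciphertext), BLOCK)]
    plain = b"".join(_xor(block_decrypt(key, c), p) for p, c in zip(blocks, blocks[1:]))
    return unpad(plain)


def make_oracle(key):
    """The side channel: the receiver reveals only whether the padding was valid."""
    def oracle(ciphertext):
        try:
            cbc_decrypt(key, ciphertext)
            return True
        except ValueError:
            return False
    return oracle


def attack_block(oracle, prev, block):
    """Recover one plaintext block with at most 256 queries per byte."""
    inter = bytearray(BLOCK)  # block_decrypt(key, block), learnt byte by byte
    for pos in range(BLOCK - 1, -1, -1):
        padval = BLOCK - pos
        forged = bytearray(BLOCK)
        for k in range(pos + 1, BLOCK):
            forged[k] = inter[k] ^ padval  # force the known tail to decrypt to padval
        for guess in range(256):
            forged[pos] = guess
            if not oracle(bytes(forged) + block):
                continue
            if pos == BLOCK - 1:
                # A pad of 02 02 (or longer) would also pass; flip the byte before
                # it and require that the padding is still accepted.
                probe = bytearray(forged)
                probe[pos - 1] ^= 0xFF
                if not oracle(bytes(probe) + block):
                    continue
            inter[pos] = guess ^ padval
            break
        else:
            raise RuntimeError("no valid padding found")
    return _xor(inter, prev)


def padding_oracle_attack(oracle, ciphertext):
    blocks = [ciphertext[i:i + BLOCK] for i in range(0, len(ciphertext), BLOCK)]
    return unpad(b"".join(attack_block(oracle, p, c) for p, c in zip(blocks, blocks[1:])))


def demo():
    key, iv = b"K" * 16, b"I" * 16  # constructed values
    message = b"CBC-PAD leaks one byte per 256 oracle calls"
    ciphertext = cbc_encrypt(key, iv, pad(message))
    return message, padding_oracle_attack(make_oracle(key), ciphertext)
```

The attacker never sees the key: each recovered byte costs at most 256 queries, and the probe on the last byte is what keeps an accidental 02 02 padding from being mistaken for 01.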
Summer semester 2002
Advanced exploitation of buffer overflows
- Supervisor: Dr. Philippe Oechslin
- Status: complete (Olivier Gay, IN4)
- Type: Projet 1
- Description:The goal of this project is to write an extensive report on buffer overflows and their advanced exploitation.
- Abstract
Advanced host detection using TCP/IP
- Supervisor: Dr. Philippe Oechslin
- Status: complete (Sébastien Mathieu, SSC3 & Cédric Tissières, SSC3)
- Type: Projet 1
- Description:The goal of this project is to explore ways to detect and identify hosts remotely using stealthy scanning methods.
- Abstract
Encrypted conduits for infrared connections
- Supervisor: Mr. Gildas Avoine
- Status: complete (Simon Leo, SSC5 & Vincent Mischler, SSC5)
- Type: Projet 2
- Description:The purpose is to implement an encryption algorithm in order to secure infrared connections between two Palms or between a Palm and a laptop.
- Abstract
Instant NT Passwords Cracker
- Supervisor: Dr. Philippe Oechslin
- Status: complete (Maxime Müller, SSC3)
- Type: Projet 1
- Description:Create an instant password-cracking service for Windows NT, based on a dictionary containing the hashes of all alphanumeric passwords.
- Abstract
Man-in-the-Middle attack in a windowing system
- Supervisor: Dr. Philippe Oechslin
- Status: complete (Alessandro Crespi, IN4)
- Type: Projet 2
- Description:A lot of attention is given to protecting communication between server and client software. Little is done to protect communication between the client and the actual user. Implement a program that intercepts keyboard input and window display to fool a user of a secure application (e.g. e-commerce, telebanking).
- Abstract
Vigenère
- Supervisor: Dr. Pascal Junod
- Status: complete (Marc Saban, SSC3 & Thierry Lephilibert, SSC3)
- Type: Projet 1
- Description:Implement the Vigenère cipher and attacks against it.
- Abstract
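As an added example (not the students' code), the following Python implements the cipher and a ciphertext-only attack: for each candidate key length it splits the ciphertext into columns, fits each column to a single Caesar shift with a chi-square test against standard English letter frequencies, and accepts the shortest length for which every column fits. The frequency table, the threshold of 1.0 per letter and the sample plaintext are assumptions made for the demonstration.

```python
# Added example (not the project's code): Vigenere cipher and a ciphertext-only
# attack recovering the keyword. ENGLISH_FREQ, the threshold and SAMPLE_TEXT
# are assumptions chosen for the demo.
from collections import Counter
import string

ALPHABET = string.ascii_uppercase

# Relative frequencies (percent) of the letters A..Z in ordinary English text.
ENGLISH_FREQ = [8.17, 1.49, 2.78, 4.25, 12.70, 2.23, 2.02, 6.09, 6.97, 0.15, 0.77, 4.03, 2.41,
                6.75, 7.51, 1.93, 0.10, 5.99, 6.33, 9.06, 2.76, 0.98, 2.36, 0.15, 1.97, 0.07]


def normalize(text):
    """Letters only, upper-cased: the classical cipher ignores spaces and case."""
    return "".join(ch for ch in text.upper() if ch in ALPHABET)


def encrypt(plaintext, key):
    pt, key = normalize(plaintext), normalize(key)
    return "".join(ALPHABET[(ord(p) + ord(key[i % len(key)])) % 26] for i, p in enumerate(pt))


def decrypt(ciphertext, key):
    ct, key = normalize(ciphertext), normalize(key)
    return "".join(ALPHABET[(ord(c) - ord(key[i % len(key)])) % 26] for i, c in enumerate(ct))


def caesar_fit(column):
    """Try all 26 shifts of one column; return (key letter, chi-square per letter).

    A column that really is English under one key letter scores well below 1
    per letter; a mix of several shifts scores several times higher."""
    n, counts = len(column), Counter(column)
    best_letter, best_chi = "A", float("inf")
    for shift in range(26):
        chi = 0.0
        for i in range(26):
            observed = counts[ALPHABET[(i + shift) % 26]]
            expected = ENGLISH_FREQ[i] * n / 100.0
            chi += (observed - expected) ** 2 / expected
        if chi < best_chi:
            best_letter, best_chi = ALPHABET[shift], chi
    return best_letter, best_chi / n


def break_vigenere(ciphertext, max_key_len=20, threshold=1.0):
    """Shortest period whose columns all look like shifted English is the key
    length; the per-column shifts spell the keyword."""
    ct = normalize(ciphertext)
    for period in range(1, max_key_len + 1):
        fits = [caesar_fit(ct[i::period]) for i in range(period)]
        if max(score for _, score in fits) < threshold:
            key = "".join(letter for letter, _ in fits)
            return key, decrypt(ct, key)
    return None, None


# Constructed sample plaintext (about 700 letters) used to exercise the attack.
SAMPLE_TEXT = (
    "The Vigenere cipher was long believed to be unbreakable because the same letter "
    "of the message can be encrypted to different letters of the cryptogram depending "
    "on its position. Kasiski and later Friedman showed that this protection is an "
    "illusion. When the keyword is short compared with the message, the cryptogram is "
    "nothing more than a set of interleaved Caesar ciphers, one for each position of "
    "the keyword. Once the length of the keyword is known, each of these simple ciphers "
    "can be attacked on its own with ordinary letter statistics, because the most "
    "common letters of English, such as e, t and a, still dominate every column. The "
    "longer the message, the more reliable the statistics become, and a few hundred "
    "letters are already enough to recover the whole keyword without any knowledge of "
    "the original message. This is the reason why a good keystream must never repeat, "
    "and why the one time pad uses a key as long as the message itself."
)

if __name__ == "__main__":
    key, recovered = break_vigenere(encrypt(SAMPLE_TEXT, "LASEC"))
    print(key, recovered[:60])
```

With a keyword of length 5 and some 700 letters, every column holds about 140 letters, which is plenty for the chi-square decision; the attack degrades as the keyword approaches the message length, which is the point of the one-time pad.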
Winter semester 2002
A new public key cryptosystem based on residuosity
- Supervisor: Prof. Serge Vaudenay
- Status: complete (Mohamed Faouzi, SSC5)
- Type: Projet 2
- Description:Several cryptographic systems have been proposed based on quadratic residuosity and extensions. This project aims to survey these cryptosystems and to develop a new one.
- Abstract
Cryptanalysis of PKCS#1
- Supervisor: Dr. Pascal Junod
- Status: complete (Thomas Baignères, SSC4)
- Type: Projet 1
- Description:The purpose is to analyze and implement Bleichenbacher's attack against the former RSA encryption standard PKCS#1 (v1.5 padding).
- Abstract
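Bleichenbacher's attack against a toy PKCS#1 v1.5 key, as an added example that is not the student's implementation. Assumptions: the key is built from two Mersenne primes so the run is deterministic; the oracle answers only whether the decrypted block starts with 00 02 (the weakest form of the leak, which is enough); the attacked ciphertext is already conforming, so the paper's blinding step is skipped; the message and padding are constructed.

```python
# Added example (not the project's code): Bleichenbacher's adaptive chosen-
# ciphertext attack on RSA PKCS#1 v1.5. Toy key from Mersenne primes, fixed
# padding and a "starts with 00 02" oracle are assumptions for the demo.
P, Q = 2 ** 107 - 1, 2 ** 31 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8   # modulus length in bytes (18 here)
B = 2 ** (8 * (K - 2))          # conforming blocks are exactly those in [2B, 3B)


def pkcs1_v15_pad(msg):
    """00 02 <nonzero padding> 00 <msg>; the padding is fixed instead of random."""
    ps = bytes(range(1, K - 2 - len(msg)))
    assert len(ps) >= 8 and 0 not in ps
    return b"\x00\x02" + ps + b"\x00" + msg


def encrypt(msg):
    return pow(int.from_bytes(pkcs1_v15_pad(msg), "big"), E, N)


def padding_oracle(c):
    """The leak: the decryptor reveals whether c^d mod n starts with 00 02."""
    return pow(c, D, N).to_bytes(K, "big")[:2] == b"\x00\x02"


def ceil_div(a, b):
    return -(-a // b)


def merge(intervals):
    intervals.sort()
    out = []
    for a, b in intervals:
        if out and a <= out[-1][1] + 1:
            out[-1] = (out[-1][0], max(out[-1][1], b))
        else:
            out.append((a, b))
    return out


def bleichenbacher(c0, oracle):
    """Recover m = c0^d mod n using only the oracle (c0 assumed conforming)."""
    query = lambda s: oracle(c0 * pow(s, E, N) % N)
    M = [(2 * B, 3 * B - 1)]
    s, first = ceil_div(N, 3 * B), True
    while True:
        if first or len(M) > 1:
            # Steps 2a/2b: linear search for the next s with conforming c0 * s^e.
            if not first:
                s += 1
            while not query(s):
                s += 1
            first = False
        else:
            # Step 2c: one interval [a, b] is left, search s in a narrow window.
            a, b = M[0]
            r = ceil_div(2 * (b * s - 2 * B), N)
            found = None
            while found is None:
                lo, hi = ceil_div(2 * B + r * N, b), (3 * B - 1 + r * N) // a
                found = next((x for x in range(lo, hi + 1) if query(x)), None)
                r += 1
            s = found
        # Step 3: narrow every interval with the new s.
        new = []
        for a, b in M:
            for r in range(ceil_div(a * s - 3 * B + 1, N), (b * s - 2 * B) // N + 1):
                lo = max(a, ceil_div(2 * B + r * N, s))
                hi = min(b, (3 * B - 1 + r * N) // s)
                if lo <= hi:
                    new.append((lo, hi))
        M = merge(new)
        if len(M) == 1 and M[0][0] == M[0][1]:
            return M[0][0]


def demo(msg=b"LASEC"):
    """Encrypt msg, then recover it while counting the oracle queries used."""
    count = [0]

    def counting_oracle(c):
        count[0] += 1
        return padding_oracle(c)

    m = bleichenbacher(encrypt(msg), counting_oracle)
    recovered = m.to_bytes(K, "big")[2:].split(b"\x00", 1)[1]
    return recovered, count[0]
```

Because the toy modulus is only about 1000 times larger than B, the linear search of step 2a takes on the order of a thousand queries; for a 1024-bit key the same code needs far more, which is why the attack is known as the "million message attack".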
DNS spoofing
- Supervisor: Dr. Pascal Junod
- Status: complete (Marco Ricca, SSC3)
- Type: Projet 1
- Description:The goal of this project is to implement a program which intercepts DNS queries on a LAN and returns fake responses, so that it is possible to mount a real man-in-the-middle attack against several protocols.
- Abstract
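As an added example, not the student's program, the Python below handles the DNS messages behind such a spoofer as plain byte strings: it builds a query, parses it, and constructs the forged reply, which copies the transaction ID and question section from the query and carries a single A record pointing at an address of the attacker's choosing. The last function shows the minimal checks a classic stub resolver performs on the payload, which is why matching the ID is all the forger needs. Names, transaction IDs and the address are constructed; nothing here touches the network.

```python
# Added example (not the project's code): DNS query parsing and forged-response
# construction as byte manipulation. All names, IDs and addresses are constructed.
import struct


def encode_name(name):
    """www.example.com -> 3www7example3com0 (labels prefixed by their length)."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def decode_name(packet, offset):
    labels = []
    while True:
        length = packet[offset]
        offset += 1
        if length == 0:
            return ".".join(labels), offset
        if length & 0xC0:
            raise ValueError("compression pointer not expected in a query name")
        labels.append(packet[offset:offset + length].decode("ascii"))
        offset += length


def build_query(txid, name, qtype=1, qclass=1):
    """Standard recursive query (flags 0x0100: RD=1) with a single question."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, qclass)


def parse_query(packet):
    txid, flags, qdcount, _, _, _ = struct.unpack("!HHHHHH", packet[:12])
    if flags & 0x8000 or qdcount != 1:
        raise ValueError("not a single-question query")
    name, offset = decode_name(packet, 12)
    qtype, qclass = struct.unpack("!HH", packet[offset:offset + 4])
    return {"txid": txid, "name": name, "qtype": qtype, "qclass": qclass,
            "question": packet[12:offset + 4]}


def build_spoofed_response(query, ip, ttl=300):
    """Forge the answer a spoofer races to deliver before the real server does."""
    q = parse_query(query)
    if (q["qtype"], q["qclass"]) != (1, 1):
        raise ValueError("only A/IN questions are handled here")
    # Flags 0x8180: response, recursion desired and available, no error.
    header = struct.pack("!HHHHHH", q["txid"], 0x8180, 1, 1, 0, 0)
    rdata = bytes(int(part) for part in ip.split("."))
    # 0xC00C is a pointer to the name already present in the question at offset 12.
    answer = b"\xC0\x0C" + struct.pack("!HHIH", 1, 1, ttl, len(rdata)) + rdata
    return header + q["question"] + answer


def resolver_accepts(query, response):
    """The payload checks a classic stub resolver makes (the UDP source address
    and port must match as well, but that is outside the DNS message)."""
    same_id = response[:2] == query[:2]
    is_answer = bool(response[2] & 0x80)
    same_question = response[12:len(query)] == query[12:]
    return same_id and is_answer and same_question
```

On a LAN the forger sees the query, so the 16-bit transaction ID and the source port are known rather than guessed; the defences that were added later (randomized ports and IDs) only raise the bar for off-path attackers.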
ENIGMA
- Supervisor: Dr. Pascal Junod
- Status: complete (Mathieu Vonlanthen, SSC3 & Malik Hammoutène, SSC3)
- Type: Projet 1
- Description:Implement the ENIGMA encryption machine used by the German army in the Second World War, and the way the Allied forces broke it.
- Abstract
Factorisation
- Supervisor: Prof. Serge Vaudenay
- Status: complete (Guillaume Emonet, SSC5)
- Type: Projet 2
- Description:Implementation of factorisation algorithms.
- Abstract
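An added example, not the student's implementation: trial division by small primes, a Miller-Rabin primality test and Pollard's rho method combined into a complete factorisation routine. The witness set used makes Miller-Rabin deterministic for numbers below about 3.3 x 10^24; above that the test is probabilistic, which is the stated assumption of this demo.

```python
# Added example (not the project's code): factorisation by trial division,
# Miller-Rabin and Pollard's rho. The witness set is exact below ~3.3e24
# (assumption); for larger inputs the primality test is probabilistic.
from math import gcd

SMALL_PRIMES = [2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37]


def is_prime(n):
    """Miller-Rabin with the first twelve primes as witnesses."""
    if n < 2:
        return False
    for p in SMALL_PRIMES:
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for a in SMALL_PRIMES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False  # a is a witness of compositeness
    return True


def pollard_rho(n, c=1):
    """Non-trivial factor of composite n (Floyd cycle detection on x^2 + c)."""
    if n % 2 == 0:
        return 2
    x = y = 2
    d = 1
    while d == 1:
        x = (x * x + c) % n
        y = (y * y + c) % n
        y = (y * y + c) % n
        d = gcd(abs(x - y), n)
    return d if d != n else pollard_rho(n, c + 1)  # cycle found no factor: retry


def factor(n):
    """Sorted list of the prime factors of n with multiplicity."""
    if n < 2:
        return []
    for p in SMALL_PRIMES:
        if n % p == 0:
            return [p] + factor(n // p)
    if is_prime(n):
        return [n]
    d = pollard_rho(n)
    return sorted(factor(d) + factor(n // d))
```

Pollard's rho finds a factor p in roughly sqrt(p) steps, so it is the right tool when the smallest factor is small; it is not what breaks an RSA modulus with two balanced primes, where only sieve methods make progress.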
POP and IMAP access control
- Supervisor: Dr. Pascal Junod
- Status: complete (Urs Nyffeler, SSC3 & Lars Renfer, SSC3)
- Type: Projet 1
- Description:Access to a POP3 or IMAP4 mailbox is controlled by the challenge-response authentication protocol specified in RFC 2195 (CRAM-MD5). The project consists of implementing a simple IMAP4 client and server with this authentication facility and of analyzing its security.
- Abstract
Secure messaging system for PDA over 802.11
- Supervisor: Prof. Serge Vaudenay
- Status: complete (Ron Lévy, SSC5 & Stefano Lepri, SSC5)
- Type: Projet 2
- Description:The purpose is to implement a secure messaging system over a network of PDAs communicating with the 802.11 protocol.
- Abstract
Summer semester 2001
Desktop access control with a Palmtop I
- Supervisor: Prof. Serge Vaudenay
- Status: complete (Alfonso Navarro, SSC3)
- Type: Projet 1
- Description:Instead of controlling access to a desktop with smart cards, we aim to implement it with a palmtop.
- Abstract
Desktop access control with a Palmtop II
- Supervisor: Prof. Serge Vaudenay
- Status: complete (Eric Weber, IN4)
- Type: Projet 2
- Description:Instead of controlling access to a desktop with smart cards, we aim to implement it with a palmtop.
- Abstract
Winter semester 2001
Man-in-the-middle attack against SSL
- Supervisor: Mr. John O. Pliam
- Status: complete (Numa Schmeder, SSC3)
- Type: Projet 1
- Description:Implementation of a fake client/server inserted into an SSL connection in order to monitor the encrypted transmission.
- Abstract
SSH
- Supervisor: Mr. John O. Pliam
- Status: complete (Martin Vuagnoux, SSC3)
- Type: Projet 1
- Description:SSH is a program that provides secure remote access. The project consists of understanding, simulating and improving it.
- Abstract
Study of a strong entropy gathering mechanism: the Linux case
- Supervisor: Dr. Pascal Junod
- Status: complete (Andrea Deborah Schweitzer, SSC3)
- Type: Projet 1
- Description:Producing unpredictable pseudo-random numbers is a central issue in cryptographic software. The goal of this project is to study the Linux /dev/random device: to describe, understand and discuss how it works. Furthermore, some statistical tests that check the statistical quality of its output have to be implemented in C.
- Abstract
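Two of the statistical tests such a project would run, as an added example written in Python rather than the C the project asked for, and not the student's code: the frequency (monobit) test and the runs test in the form given in NIST SP 800-22, exercised on constructed inputs (a stuck source, a perfectly alternating source, and a SHA-256 counter stream standing in for a good generator) and optionally on bytes read from the device. The 0.01 decision threshold is the customary one and an assumption here.

```python
# Added example (not the project's code): monobit and runs tests in the style of
# NIST SP 800-22, run on constructed byte strings. The 0.01 threshold and the
# SHA-256 stand-in for a good source are assumptions.
import hashlib
import math


def to_bits(data):
    return [(byte >> i) & 1 for byte in data for i in range(7, -1, -1)]


def monobit_pvalue(bits):
    """Balance of ones and zeros: S = sum(+1/-1), p = erfc(|S| / sqrt(2n))."""
    n = len(bits)
    s = sum(2 * b - 1 for b in bits)
    return math.erfc(abs(s) / math.sqrt(2 * n))


def runs_pvalue(bits):
    """Does the sequence oscillate at the rate a random one would?

    Returns 0.0 when the precondition |pi - 1/2| < 2/sqrt(n) fails, i.e. when
    the monobit test has already failed badly."""
    n = len(bits)
    pi = sum(bits) / n
    if abs(pi - 0.5) >= 2 / math.sqrt(n):
        return 0.0
    runs = 1 + sum(1 for i in range(1, n) if bits[i] != bits[i - 1])
    num = abs(runs - 2 * n * pi * (1 - pi))
    den = 2 * math.sqrt(2 * n) * pi * (1 - pi)
    return math.erfc(num / den)


def assess(data, alpha=0.01):
    """Map test name -> (p-value, passed) for one sample."""
    bits = to_bits(data)
    pvalues = {"monobit": monobit_pvalue(bits), "runs": runs_pvalue(bits)}
    return {name: (p, p >= alpha) for name, p in pvalues.items()}


def read_device(path="/dev/random", nbytes=4096):
    """Sample the kernel generator; not used by the constructed cases below."""
    with open(path, "rb") as dev:
        return dev.read(nbytes)


# Constructed samples: a stuck source, an alternating source and a stand-in
# for a good generator (SHA-256 in counter mode, deterministic for the demo).
STUCK = b"\xff" * 1000
ALTERNATING = b"\x55" * 1000


def sha256_stream(nbytes, seed=b"constructed seed"):
    out, counter = b"", 0
    while len(out) < nbytes:
        out += hashlib.sha256(seed + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:nbytes]


if __name__ == "__main__":
    for label, sample in [("stuck", STUCK), ("alternating", ALTERNATING),
                          ("sha256 stream", sha256_stream(1000))]:
        print(label, assess(sample))
```

The alternating input is the reason the runs test exists: it passes the monobit test perfectly (p = 1.0) while being entirely predictable, so a single test never certifies a generator. The stand-in stream makes the demo reproducible; replacing it with `read_device()` tests the real device.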