2016-2017 Part II or MPhil Project Suggestions by Frank Stajano
If you are a brilliant programmer and are also interested in security, I want to hear from you!
The project suggestions below are © Frank Stajano. They turn into project proposals with a substantial contribution from a suitable candidate in the context of a constructive discussion and negotiation. You are expected to have done some background research on the topic before discussing it with me in person. The Pico website may be a useful source of additional information for many of these projects.
Note that a standard condition of me offering these projects is that all work performed (code and write-up) be released as open source.
After a mutual assessment that we are a good match, you may be supervised by me or by one of my knowledgeable associates, according to availability.
Pico Lens for Chrome
Pico Lens is a Firefox extension that lets Pico interact with web logins. The extension identifies traditional login forms in web pages, and can offer the option to sign in using Pico instead. Pico will then communicate with the browser over the Internet, via a Java daemon that implements the Pico protocols.
Port the Pico client to iOS
Authentication using Pico involves a hardware device that can scan a QR code or communicate using Bluetooth. Currently this has been implemented as an Android app that can run on the user's smartphone. However, given that a significant proportion of people use iPhone devices, it would be interesting to have a version running on iOS.
Although this could be a straightforward port, some big changes to the project structure could be involved, and there is also scope for creativity. The user interface for example should meet the iOS style guidelines, and any new features that iOS offers that could improve usability should be investigated. Plus, porting software is always a good opportunity to redesign and make it better.
Frank Stajano. Pico: no more passwords!
Log into your Mac computer using Pico
Pico is intended as an authentication device for any platform. Some work has been done in the past to support authenticating to Windows and Linux machines, but no study has been done regarding macOS.
For this project you would have to implement a login scheme on Mac using Pico. Possibly part of the current Linux implementation can be used.
The candidate who takes on this project must already own and use a Mac computer and enjoy low-level OS hacking.
Frank Stajano. Pico: no more passwords!
Implement Password Manager Friendly (PMF)
One of the problems encountered by password managers, and by Pico Lens, is how to find and correctly interpret a login form in a web page. Sometimes this can be guessed, but in other cases it is hard to detect. Password manager friendly (PMF) is a proposed standard for web pages that defines a number of annotations for form elements, which would make it easy for a password manager to find the correct data.
For this project you would implement the standard in at least two widely-used browsers (Chrome and Firefox), and modify some popular web page frameworks (e.g. WordPress) to include it. As an extension, it would be good to make contact with those projects and have your implementation approved, thereby making a real contribution to open-source projects. It would also be great to persuade some websites to actually take up PMF and include some user testing in the scope of the
Frank Stajano, Max Spencer, Graeme Jenkinson, Quentin Stafford-Fraser. Password-manager friendly (PMF): Semantic annotations to improve the effectiveness of password managers. Proc. Passwords 2014, Springer LNCS 9393.
Tagged email from Thunderbird
The mail system at Cambridge helpfully delivers any mail addressed to firstname.lastname@example.org (note the double hyphen) to the base address email@example.com, for any tag. This allows you to generate arbitrarily many distinct addresses that will all deliver mail to your account. When you have to subscribe to a mailing list or sign up to a web form, you can give them firstname.lastname@example.org and reliably filter all their mail to a specific folder. (And if you then get spam from someone else, you know who leaked your address.)
What's missing from this system is a convenient way for you to reply as email@example.com, so that you could also reliably filter your own messages into that same destination folder. You might write a client-side extension to Thunderbird to do that. So far this is fairly easy, so something else would need to be added to the plan for this to become a sizeable project.
vPro security and VNC viewer plus on Linux
VNC is a widely used software KVM that allows you to access a display remotely, even from a different architecture (e.g. drive a Windows desktop from a Linux laptop). Intel vPro is a technology, included in some modern processors and chipsets, that embeds a VNC server in the hardware, thus allowing a system administrator to access a computer remotely, even when the OS is not running and even when the machine is (soft) off. The administrator may view the boot screen of the remote computer, remotely enter the BIOS setup screen and even boot the remote machine off her own local CD.
You will implement a Linux version of the VNC Viewer Plus that connects to selected vPro processors (the retail version of VNC Viewer Plus runs only on Windows). As part of that, you will understand the authentication mechanisms so as to be able to explore and hopefully fix any potential vulnerabilities. What if a bad guy could impersonate the security administrator and 0wn your computer at a distance?
Concerning licensing the code, besides the standard condition that you will release all your work as open source, for this project the RealVNC company, makers of VNC, would also offer support (i.e. access to the lead developer of VNC Viewer Plus, and potentially an internship after the degree) in exchange for them getting from you an additional commercial licence to the final code at zero cost to them.
Vassilios Ververis, Security evaluation of Intel Active Management Technology, MSc Dissertation, KTH Stockholm, 2010.
Privacy-protecting PIM on smartphone
15 years ago, only the geek carried around a PDA (personal digital assistant) with their calendar, notes and contacts list. Nowadays, everyone and their dog has a smartphone with vastly superior PIM (personal information management) functionality. However, in the new world, privacy suffers: whether the smartphone is from Apple or Google, your data is stored in plaintext in NSA-accessible cloud storage, rather than locally on your own devices.
In this project you'll build a PIM system (for Android or iOS, at your choice) that won't trust the cloud for storage of user data. It will still allow editing on one device and viewing on another and it will, as far as possible, reuse existing PIM programs by transforming the back-end rather than rewriting the front-end. Different architectures (from local-only storage and peer-to-peer sync to encrypted in-cloud storage) will be explored and compared against the state of the art in research, including Google's Nigori, which local PhD student Daniel Thomas is extending to support synchronization.
With an eye to security usability, ease of installation and maintenance for non-technical users will be considered an important feature.
Making MythTV more robust
MythTV is an open source digital video recorder. It's brilliant, but it depends rather unhealthily on a central database of metadata (conceptually similar to the dreaded "Windows registry" or the equally dreaded iTunes) without which its archive of recorded files becomes practically unusable: the database contains the names and dates of the shows, the cutlists describing the parts you edited out (commercials and head/tail) and so forth. This makes the system rather unstable because, if the database gets corrupted, then your terabytes of thousands of hours of recorded video become practically unusable. If you get fed up and reinstall from zero on a new hard disk, it's practically impossible to merge two video archives.
In this project you will address this problem by first providing an export and mergeback facility for the video archive (the current backup/restore does not support merging) and then, more substantially, by redesigning the architecture so that each video recording is atomically associated with its own metadata (e.g. by introducing a new file type consisting of an archive with both the video and its metadata). The focus of this project is not security but robustness, usability and good software engineering.