University of Cambridge Computer Laboratory foto

Student Project Suggestions – Ross Anderson

Most of the chapters of my book have suggestions for further research at the end, some of which might make decent student projects.

Further ideas below.

Bluetooth tracking privacy bubble

Bluetooth-based tracking tags have been available for a decade for finding lost items. They were pioneered by companies like Tile and popularised by Apple's AirTag, which has the global user base of Apple products listening for AirTags in their vicinity and reporting ones they find back to a central server. Unfortunately this new capability has been exploited for criminal purposes such as stalking. This project will explore registering tags into two modes – normal tracking tags and inhibitor tags. When in range of an inhibitor tag, a device will not report any tracking tags it detects within a given interval of time and space. This will let people create a "protection bubble" around themselves and their property. You will use open-source bluetooth tracking tags to demonstrate and develop the concept; you'll propose and test potential implementations, investigate mechanisms such as encryption, and conduct real-world trials.

Blocking attacks based on Unicode

We've discovered that adversarial encodings of text can be used to break text-based machine learning systems, which has significant implications in the NLP domain. This project is to write and publish a series open-source utilities to defend against these adversarial encodings. These utilities should implement a series of text encoding normalization procedures as described in the paper Bad Characters: Imperceptible NLP Attacks, including control-character resolution, invisible-character removal, and the resolution of homoglyphs by means of an efficient OCR ML model. The implementation would likely be in Python for publishing on pip and integration into existing NLP tokenizers via PRs into commonly-used tools.

Hardware trojan detection

There is a lot of interest in whether you can detect a hardware Trojan that a manufacturer has been ordered to insert by its government. In this project your task is to use one of the Lab teaching boards to create a CPU with such a Trojan, designed to signal out the contents of a certain memory location (that might contain, for example, a target cryptographic key) by modulating the device's power consumption using a secret pseudonoise sequence. You then measure whether the extra noise can be detected using standard testing techniques by someone who does not know the secret key, and whether the target can be extracted by someone who does. (For the former, see for example papers no. 63, 94 and 126 from here.)

Contact details

University of Cambridge Computer Laboratory
JJ Thomson Avenue
Cambridge CB3 0FD, England

Tel: +44 1223 33 47 33
Fax: +44 1223 33 46 78