CS88 Final Project

Checkpoint 1: Problem Statement: Due November 29th, 11:59PM ET.
Checkpoint 2: Working Code and Data Analysis Due: December 7th, 11:59PM ET.
Completed Presentation: Due: Saturday, December 10th, 11:59 PM ET

1. Project Goals

Identify and articulate a specific, and concise problem statement in a security topic to research.
Build your skill set based on your understanding of core networking topics, and apply them to real-world security problems, through implementation, data analysis or literature review.
Give a 10 minute presentation on the topic of your choice.

2. Overview

In this lab, your group will investigate a security topic in depth, and should be able to convey through a small implementation, simulated attack or through a literature review of a problem you’ve investigated in lab

You can choose from a very broad range of projects, but your project must have a main focus on Security Systems. There should be a high-level question that you should frame and answer though your project.
You can come up with your own project idea or start with one of the suggestions below. Any of the following suggestions will function as just a starting point for a project idea, and are not fully investigated concepts. As a result, all of them will require some background investigative work and further definition of the problem you are solving and how you plan to solve it.

3. Getting Started

You should begin with a general idea of the problem you want to look at, then do one or more of the following:

a literature search of related work
related projects to get some ideas of what has been done
what some approaches are to solving your problem.

It is fine to do a project whose goal is to reproduce other researcher’s results, and/or to compare different, already developed, approaches to a particular problem.

You can work in groups of 2 to 3. If you would like to change your group membership, please send me an email with all of your group members.

3.1. Your Project Starting Point

Log into CS88 Github for our class and get the ssh-URL to your lab git repository. Follow along with the prompts below to SSH, create a lab directory and clone your lab repos.

# ssh into our lab machines
ssh yourusername@lab.cs.swarthmore.edu

# cd into your cs43/labs sub-directory and clone your lab2 repo
cd ~/cs88/labs
git clone [your-ssh-URL]

# change directory to list its contents
cd project-user1-user2

# ls should list the following contents
ls
README.md  data-analysis/  lab-extension/  lit-review/	presentation/  problem_statement.md

You should find the following files and directory structure in your Github repositories.

There is no starting point code, since your group will decide on the kind of project you plan to implement.

problem_statement.md is due for Checkpoint-1

There are three folders for each of the project options: data-analysis/ lab-extension/ lit-review/. You should only need one of these folders, depending on the project you choose.
- Within each project folder, feel free to add more folders to keep your Github repo organized. The lit-review/report.tex only needs to be submitted if you plan to do a literature review.

Your working lab-extention/data-analysis and a complete lit-review are due for Checkpoint-2

Finally, there is a presentation folder should contain your presentation. You should push presentation-username1-username2.pdf of your presentation here.

The final deliverable is your presentation.pdf.

4. Deliverables

Checkpoint 1: Complete and submit problem_statement.adoc.
Checkpoint 2: Submit your code and results. Or, submit your report. Your final report should be named Report-username1-username2.pdf
Final Project: Your completed presentation.

5. Project Ideas

There are three categories of projects that you can choose to implement.

5.1. Projects based on lab extensions

The projects in this list are based on lab extensions.

If you choose a project in this list on lab extensions, send me a private edstem post and I will push starter code to your Github repo

Since these might involve some new ways of working through labs, we can go over your design choices, and functions you would need to get started with implementation.
With these projects, your presentation should describe what you have done in your previous and related labs, and tie it in with the current lab, and relate your work to real-world vulnerabilities and attacks.

Software Security

return-to-libc attack: A canonical exploit of a buffer-overflow vulnerability is to overflow the buffer with a malicious shellcode, and then cause the vulnerable program to jump to the shellcode that is stored in the stack. To prevent these kind of attacks, most O.Ses make stacks non-executable; making such attacks infeasible.

Unfortunately, this protection is not fool-proof and it does not even use shell code. Instead, it causes the vulnerable program to jump to some existing code, such as the system() function in the libc library, which is already loaded into the memory.
Format string vulnerability attack: A format-string vulnerability is caused by code like printf(user_input), where the contents of variable of user_input is provided by users of the program. Malicious input can do the following: (1) crash the program, or (2) read or modify arbitrary memory.
- For each of these projects, your final presentation should be able to explain the vulnerabilities, and defenses that prevent the buffer-overflow attack in Lab 1 and relate it to the attack of your choice above.

Cryptography

Hash extension attack: The hash extension attack is an attack on Message Authentication Codes. Here, we assume that a client and server share a symmetric key. The server expects a MAC argument in the request. This MAC is calculated insecurely by concatenating the key and request arguments. Now, an attacker can intercept a client request to a server, expand the message, and calculate a correct MAC without knowing the key. Your task is to use this vulnerability to attack a server program and additionally, fix the server vulnerability in MAC generation by using HMACs instead.

In your final presentation, present your attack in the context of the other labs on symmetric-key cryptography that you’ve attempted in the course.

Web Security

CSRF and Clickjacking attacks: These attacks extend on the SQL and XSS labs from Lab 2a and Lab2b.
- Recall that in a CSRF the victim holds an active session with a trusted site while visiting a malicious site. The malicious site injects an HTTP request for the trusted site with the victim’s session cookies, that then executes on the trusted site, without the victim’s knowledge. For this extension, you can use the Elgg social networking site we setup for the XSS attacks in Lab2.
- Clickjacking, is an attack that tricks a user into clicking on something they do not intend to when visiting a webpage, thus "hijacking" the click. In this extension, we will explore a common attack vector for clickjacking: the attacker creates a webpage that loads the content of a legitimate page but overlays one or more of its buttons with invisible button(s) that trigger malicious actions. When a user attempts to click on the legitimate page’s buttons, the browser registers a click on the invisible button instead, triggering the malicious action.

Network Security

Enhance the DNS infrastructure using DNSSEC: DNSSEC is a set of extension to DNS, aiming to provide authentication and integrity checking on DNS data. With DNSSEC, all the answers from DNSSEC protected zones are digitally signed. By checking the digital signature, a DNS resolver is able to check if the information is authentic or not. DNSSEC prevents DNS cache poisoning attacks can be defeated. In this project, you will be provided with a miniature DNS system developed with DNSSEC. Your task is to configure each of the nameservers, so they all support DNSSEC.
Launch the Kaminsky, a DNS Cache poisoning attack: This attack launches a remote DNS cache poisoning attack. Unlike the DNS rebinding attack, here the attacker is not on-path, and cannot sniff packets over the same local area network. Assuming DNSSEC is not enabled, your task is to poison the DNS cache and misdirect users to visit malicious destinations by remapping the hostname to IP mapping
Launch attacks on TCP (The Mitnick attack) The Mitnick attack is a type of TCP session hijacking attack, that spoofs TCP session sequence numbers, to gain access to a remote system. Read up on the full attack here.

5.2. Dataset Analysis, Attack Detection and Prevention based on real-world measurements

The projects in this list are based on data analysis of real-world network measurements. These projects will involve (a) understanding and parsing the formats of these datasets and what the data represents, (b) experimenting with how to visualize data and (c) replicating existing results, or using ML or AI algorithms to learn patterns in the data, and/or find anomalies in the data

Here is a non-exhaustive list of project ideas:

Analysing Crypto-Currencies
Pick and choose from the Security Datasets Project.
- If you would like to install specific software for the data analysis you are doing, give me an email so we can figure out your needs and the best CS machines or potentially AWS cloud resources to get you started.
SPAM collection data set
A large set of Security Datasets, and another.
- Examples of preliminary analysis in Jupyter Notebooks
- An example of how you might run some data analysis on Malicious URLs.
Cybersecurity Data released by the U.S Department of Energy
Analysis of Network Traffic from the ANT Labs at ISI
You can even use security related Kaggle datasets such as Credit Card Fraud, Fake and real news datasets
Network data captures from NSA
DARPA Datasets: Predict application type looking at encrypted and unencrypted network data, (Older) Intrusion Detection Datasets: link1, link2, link3.
Datasets from the Stratosphere Lab
- E.g., Malicious and Benign IoT Traffic
Analyzing PCAP files to detection and prevention: Network Security
- PCAPs of Malware of the Day
- Sample Wireshark Captures

Tips that might help

Analysing pcap files using scapy
Wireshark Analysis: Analysis of TCP Flows, TLS, or HTTP.

5.3. Literature Review Projects

The projects in this list involve an in-depth analysis of a specific research topic related to Security. This would have little or no implementation and testing, but would involve an in-depth literature investigation of a topic and an in-depth written report on what you learned that would include an extensive bibliography (10 - 12 references).

You can choose any sub-topic from the list of topics we covered in class or a topic of your choosing or a topic from one below. Note these topics are just broad ideas, you will need to find a well-scoped smaller sub-topic within these (many exist for each topic!)

Botnets
Underground economies
Privacy
Usable Security
Government oversight: Implications for security and privacy
Cyber-war fare
Privacy and ethics

6. Handy Links

Prof. Tia Newhall’s links to Research, Writing and Presentations
How to read a paper
How to write a paper

7. Grade

This project will count for 7% of your grade.

Your grade is not based on how novel your results are, but rather in your ability to convey your understanding of the problem, and how to properly frame and analyze your discussion or experimental results.

The final grade for this is project is based on

the execution of the lab experiment/ cohesiveness, clarity, and completeness of your data analysis/literature review.
communication clarity and presentation clarity (label all figures, clear section titles, etc).