Research, Projects and Philosophy of Lifemihir/cse191/projects.pdf · Research, Projects and...
Transcript of Research, Projects and Philosophy of Lifemihir/cse191/projects.pdf · Research, Projects and...
Mihir Bellare, UCSD1
CSE 191: Beyond Courses
Mihir BellareUCSD
Research, Projects and Philosophy of Life
Mihir Bellare, UCSD2
Discussions with instructor prior to proposal and report are encouraged!
Item Due
Proposal April 19, electronically
In class presentation June 8
Written project report & meeting June 8—14
Project • Should be related to cryptography and security.• Theory, implementation or both.• Individual or in teams of size at most 2.
Intent is to allow you to take the lead, explore, get exposure to research.
Mihir Bellare, UCSD3
Project Proposal
Think of as a proposal to the NSF.What you plan to do.
Intellectual merit: new ideas, why this is interesting.Broader impact: why it matters, how it makes the world better.
Expected deliverables.
One page typeset (latex encouraged!) document.
It’s ok if you deviate from the proposal in your project.You may change things.You may scale the scope up or down.
Mihir Bellare, UCSD4
Written Report
Typeset (latex encouraged!) document
Quality of exposition in the report is an important criteria for grade.
Clear, concise, convincing.Explain motivations, methodology, findings, prior work, conclusions.Use correct mathematical language.Make it accessible.Show critical judgement. Sell your ideas!Think of as a conference submission.
Mihir Bellare, UCSD5
Teams
Not all partners are as bad as Calvin …Consider working with a partner.Expectations for team projects are somewhat higher.But you can benefit by combining expertise.
Mihir Bellare, UCSD6
Process
I meet individually with each team.Usually this is done during class time.
Alternatively (and if we have too many teams) I can arrange meetings in my office, different days and times. May be more convenient for everyone.
Mihir Bellare, UCSD7
Your project should beFun for you
Interesting for othersValuable, Sellable, Doable
Find something you would like to doConvince instructor it is worth doing
Try to figure out what instructor wantsHate it, try to do it anyway
NO YES
Think of purpose of project as being to
LearnUnderstand
Think of purpose of project as being to
CreateCritiqueInform
DoSurprise
Make the world a better place
Mihir Bellare, UCSD8
Project directionsApps
Gmail encryption pluginFacebook encryption plugin
On-line casinoCommitment app
Google drive encryption
AttacksTLS, Logjam
WEPImplement, test
EducationalVideos, tools
Interesting implementationsImplementing AES is boring …Instead, interesting primitives
Novel platformsTarget high performance
StandardsCAESAR competition
Password hashing competitionRFCs: 6955, 6979, …Formalize their goals
Analyze methods, give new ones
SystemsBitLocker, FileVault
iPhone or Android appsAndroid LVL obfuscation
OTR & secure messagingTLS 1.3
Pond
PrimitivesNew security notions
Relations between notionsSubversion
All things related to Snowden and FBI revelations.Figure out what is going on.Threats, attacks, defenses.
Mihir Bellare, UCSD9
Some (somewhat) more specific possibilities
Signing in adobe pdf
Apple vs. FBI
We draw our signature or insert an image of it. Can this be extracted from the pdf by an attacker to create a forged document?Study iOS security architecture document. Figure out issues. Specify goals and explore changes to the password mechanism that could reach them. https://www.apple.com/business/docs/iOS_Security_Guide.pdf
Secure messaging
Study secure messaging systems like whatsapp or OTR. What crypto do they use and how good is it? Implement your own, easy to use, secure text-messaging app. http://www.jbonneau.com/doc/UDBFPGS15-IEEESP-secure_messaging_sok.pdf
DES/AES with linear round functions
Find attacks on block ciphers like AES, DES in the case the round functions are simple functions like linear ones.
Better password-based authentication.
Sending password in clear over TLS is bad due to server compromises. There are better protocols. Specify and implement them.
Mihir Bellare, UCSD10
Some (somewhat) more specific possibilities
No more randomness
Number theory made easy
Attackers subvert the randomness used by encryption. Our group has developed nonce-based cryptography in response. Instantiate, implement, add to PGP.
Design and implement an educational aid for number theory in cryptography.
Constrained collision-resistance
Revisit the security of the MD transform underlying the SHA1 and SHA2 families of hash functions.
AES-GCM-SIVAnalyze the security of this authenticated encryption scheme now under consideration for standardization by cfrg. http://www.ietf.org/id/draft-gueron-gcmsiv-02.txt
Let’s Encrypt Analyze the security of this free, simple certificate issuing service. https://letsencrypt.org/
Mihir Bellare, UCSD11
Some (somewhat) more specific possibilities
ZRTPThis key exchange protocol is used in Silent Circle, an encrypted voice/video/text service. Study it and analyze its security. http://blog.cryptographyengineering.com/2012/11/lets-talk-about-zrtp.html
Deterministic PKEDevelop definitions, schemes and security proofs for message-recovery security of public-key dependent messages for D-PKE and related primitives.
Mihir Bellare, UCSD12
Educational tools
Improve and extend PlayCrypt
To explain and illustrate cryptographic concepts from CSE 107.
Animations and videos
This is the Python-based system for implementing cryptographic games used in CSE 107, started by Aviv Kiss.
Mihir Bellare, UCSD13
Learning?Getting good grades?Getting a good job?
Eventually making lots of money?Eventually being famous?
What is the purpose of education?
Another answer: The purpose of education is self discovery.
What do I really want to do with my life?What am I good at?
What am I not good at?How does what I do help?
Mihir Bellare, UCSD14
There is an established body of knowledgeExperts agree upon itYour job is to learn itYou learn the rules
You become an expert
COURSES RESEARCH, BEYOND COURSES
Question, challenge, critiqueEstablished knowledge can be flawed
CommunicateCreate
Mihir Bellare, UCSD15
Disciplines often start as revolutions. But over time, a discipline becomes NORMAL SCIENCE.
Students are assimilated into the culture.
The GREAT works are the Model Revolutions and Paradigm Changing ones. Assimilation into the culture moves you away from such work.
The disciplinary culture becomes a RELIGION.
Mihir Bellare, UCSD16
Be an ARTIST
Make your papers BEAUTIFUL, AESTHETIC, CREATIVE. They are how you express YOURSELF.
Mihir Bellare, UCSD17
Authenticity
Hear your inner voice. Express yourself.
It’s HARD!
So much pulls us away from that voice.
But authentic work and writing has a quality and impact that is tangible.