Semester Projects

This student project's aim is to contribute to an ongoing, larger project focused on developing a secure mesh messaging application for the International Committee of the Red Cross [1]. We want to build an application that enables field workers to communicate via smartphones in areas lacking internet or phone connectivity, without requiring additional hardware. We have already developed a prototype mobile application that implements the networking layer, including routing and delay-tolerant networking, using peer-to-peer WiFi connections on both major mobile platforms. Student projects already scheduled to run in the next phase will build upon this foundation by integrating security mechanisms and improving the networking parts.

The final aspect of the larger project, and the topic of this student project, involves conducting a comprehensive experimental evaluation of the application. This includes managing a testbed of physical devices, running basic performance tests to assess the application's real-world effectiveness, but also conducting larger experiments with people. Potential extensions could include developing a simulation framework to test scenarios we cannot run in practice, as well as performing security tests.

Familiarity with subjects such as testing, network security, and Android and/or iOS app development in general would be advantageous. However, it is not a strict requirement for highly motivated students eager to learn.

References

[1]: external page https://eha.swiss/case-study/wireless-mesh-networking-for-humanitarian-communication-2/

(Supervisor: Prof. Kenny Paterson, Joint Supervisors: Yuanming Song, Kien Tuong Truong)

This project investigates the largely unexplored area of timing side channels in data compression and decompression, building upon recent findings that highlight vulnerabilities in decompression processes. Data compression, while effective in reducing data size by eliminating redundancy, unintentionally introduces information leakage vectors, such as compression ratio side channels, previously exploited in attacks like CRIME and BREACH. The project aims to investigate timing variations during both compression and decompression, striving to enhance the reliability and efficiency of decompression timing side-channel attacks and exploring the potential for similar vulnerabilities during compression. The research may also extend to examining other compression algorithms, such as brotli and bzip2, for their susceptibility to timing side channels. Practically, the project involves crafting payloads to exploit timing differences, potentially through manual analysis, automated tools, or by adapting existing techniques for compression ratio side-channel attacks, with a strong focus on implementation and experimentation.

(Supervisor: Prof. Kenny Paterson, Joint Supervisors: Dr. Simon-Philipp Merz, Kien Tuong Truong)

This student project focuses on the emerging field of post-quantum cryptography, specifically exploring cryptographic systems based on the computational difficulty of decoding linear error-correcting codes. As quantum computers pose a threat to current public-key encryption, research in post-quantum cryptography has gained importance. The project aims to systematize recent advancements in information-set decoding (ISD) algorithms, which are crucial for understanding and potentially improving code-based cryptanalysis. The project will provide a comprehensive overview of existing ISD algorithms, analyze their variations and how they exploit the structure of decoding problems, such as regular syndrome decoding. Additionally, it will evaluate current leading implementations of ISD algorithms and seek to achieve concrete performance improvements. This research will contribute to the standardization efforts by organizations like the US National Institute of Standards and Technology (NIST) in developing secure cryptographic systems for a post-quantum world.

(Supervisor: Prof. Kenny Paterson, Joint Supervisor: Dr. Lenka Mareková)

This project's aim is to develop a Systematization of Knowledge, a type of work which aims to comprehensively review, organize, and synthesize existing knowledge on a particular topic. In this case the focus will be on mesh networks and their applications to offline communications, taking a broad definition of "mesh" to include traditional ad-hoc networks [1,2], peer-to-peer systems as well as more recently proposed mesh messaging designs [3,4,5], spanning cryptography but also security research more widely. The project will also survey a host of existing practical tools and their capabilities [6,7,8], thus providing a comprehensive overview of what is available in the real world, and what the potential gaps are.

The goal will be to catalogue existing usecases in which these networks have been or were intended to be utilised and describe the functionality they provide; to identify key assumptions behind the proposed designs; describe common threat models as well as the promised security guarantees. The work could also draw on related concepts from the anonymity and censorship resistance literature, and as a potential extension explore social science works on internet shutdowns and other contexts where standard communication media are not available or not reliable enough for use.