Assignment of the project topics
- Stefano Germano - "Stealth installation of Command & Control software on Windows machines"
- Maxwell Kusi Asare - "Cryptography & World War II"
- Carmelo La Gamba & Luigi Molinaro - "The Android application authentication, licensing & security model"
- Alessio De Rango - "NFC Security issues"
- Ari Wijayanti - Credit card, e-commerce transaction schemes and the Stripe infrastructure
- Francesca Aceto - Car Security Code authentication schemes
- Fabrizio Cava - ATM Cards authentication schemes
- Jessica Zangari - DRM authentication schemes
- Giuseppe Lombardo - "Advanced Phishing and Scam techniques"
- Laura Putignano - "Oracle Database security features and best implementation practices"
- Alessandra Baccari - "The Facebook authentication & security model"
- Davide Fuscà & Maurizio Macrì - "Creation of collisions in the MD5 domain"
- Available - "3-Parties authentication schemes: the OAuth scheme and Google implementation"
I'm not in the assignment list, how can I get assigned a project topic?
You can request the assignment of a project by sending an e-mail to the professor. Projects can be either individual or assigned to 2 persons.
Seminar preparation instructions
The project consists of two parts. The first part consists in preparing and delivering a presentation of maximum 15 minutes (about 13 slides) on the technical aspects of the assigned topic. The second part consists in presenting a working demo of the technology related to the project. Your work must include both parts: partial projects will not be evaluated. In rare circumstances it is possible not to present a demo, e.g. if the assigned topic is evidently theoretical. Your demo can be based on a netkit laboratory or other technology, depending on your topic.
The discussion of the project is interactive and will include questions on the course program. Your presentation must respond to the following points (take as an example a hypothetical seminar on the SMTP protocol):
- Requirements that have led to the introduction of the technology examined;
For example: "... SMTP became necessary to deliver e-mail messages ... etc."
- Level of diffusion and uses of the technology at hand: is it a proprietary technology? Is it standardized in an RFC or in another document (ISO, IEEE, etc.)? Is it used in practice? Where?
- Operational mechanism of the technology examined: if it is a protocol, describe the format of the most important messages and their workflow; if it is a data format, describe the structure of a document in that format;
- Classification in the context of other technologies that support and/or must be coordinated with the technology considered;
For example: "... for receiving e-mail one uses POP3, IMAP; SMTP supports authentication protocols such as MSCHAPv2 extension in Microsoft ... it allows you to send attachments in S/MIME format ... etc."
- Pros and cons of the technology presented;
- Actual or potential vulnerabilities of the technology and measure of their impact;
For example: "... the SMTP protocol does not include secure authentication mechanisms ..."
The presentation style should be at a technical level (for experts) and not exclusively anecdotal. The presentation should not be considered separate from the context of the course program (for example, in an analysis of a protocol related to PKI it is assumed that the student knows how the PKI works).
- Demo: implement a practical situation in which the technology is deployed at the state of the art;
For example, in the SMTP case the short demonstration may include a netkit lab in which you have configured an SMTP server with secure authentication. You might add the demonstration of a potential attack, the description of how the authentication works by analyzing a corresponding Wireshark capture, etc.
Release of your project
The slides and the demo content must be sent to the professor at least 24 hours before the scheduled exam date.
You are not admitted to the exam if: 1. The slides were not technical (i.e. I will not accept a biography of Mark Zuckerberg as the correct answer for a project about the Facebook security infrastructure), or without answers to the questions mentioned above, or 2. The demo, if submitted, is not working / not pertaining to the topic of the project.