Projects Assignments 2014

Assignment of the project topics

1. Emanuele Petullà - "Vulnerability Assessment Systems"

2. AVAILABLE - "3-Parties authentication schemes: the OAuth & OAuth2 scheme and its Google implementation"

3. Giuseppe Cristiano - "The Eduroam distributed authentication infrastructure"

4. Davide Lettieri - "The IDEM Network distributed Authentication & Authorization infrastructure"

5. Andrea De Napoli - "Bitcoin, other forms of peer-to-peer money: implementation and security issues"
6. Giuseppe Cosentino Borgese - "Remote and seamless installation of keyloggers"
7. Rahmat Hidayat - "Practical implementation of the PKI under the 1999/93/EC Directive"
8. Denise Angilica - "The Italian PEC infrastructure"
9. Bernardo Cuteri - "Immutable system logging"
10. Available - "Collision attacks on SHA-1 and SHA-2 functions"
11. Portolese Pasquale - "Security of ATM Cash Machines"

I'm not in the assignment list, how can I get assigned a project topic?

You can request the assignment of a project by sending an e-mail to the professor. Projects can be either individual or assigned to 2 persons.

Seminar preparation instructions

The project consists of two parts: the first part consists in preparing and exposing, in a presentation of maximum 15 minutes (about 13 slides), technical aspects related to the topic assigned. The second part consists in presenting a working demo of the technology related the project. Your work must include both parts: partial projects will not be evaluated. In rare circumstances, it is possible to not present a demo, e.g. if the assigned topic appears evidently theoretical. Your demo can be based on a netkit laboratory or other technology, depending on your topic.

The discussion of the project is interactive and will include questions on the course program. Your presentation must respond to the following points (take as an example a hypothetical seminar on the SMTP protocol):

1. Requirements that have led to the introduction of the technology examined; 

   • For example: "... SMTP became necessary to deliver e-mail messages ... etc.. etc.."

2. Level of diffusion and uses of the technology at hand: is it a proprietary technology? Is it standardized in an RFC or other document ISO, IEEE. etc? Is it used in practice? Where?
3. Operational mechanism of the technology at hand: if it is a protocol, describe the format of the most important messages and their workflow;  when you're talking of a data format, describe the structure of a document in that format; 
4. Classification in the context of other technologies that support and/or must be coordinated with the technology considered; 

   • For example: "... for receiving email one uses POP3, IMAP;  SMTP supports authentication protocols such as MSCHAPv2 extension in Microsoft ... it allows you to send attachments in S/MIME format ... etc. .. etc. .. "

5. Pros and cons of the technology presented; 
6. Actual or potential vulnerabilities of the technology and measure of their impact;

   • For example: ".. the SMTP protocol does not include secure authentication mechanisms ..."

The presentation style should be at a technical level (for experts) and not exclusively anedoctical. The presentation should not be considered separated from the context of the course program (for example: in an analysis of a protocol related to PKI, IT IS assumed that the student knows how the PKI works)

1. Demo: implement a practical situation in which the technology is deployed at the state of the art; 

2. For example, in the SMTP case the short demonstration may include a netkit lab in which you have configured an SMTP server with secure authentication. You might add the demonstration of a potential attack, the description of how the authentication works by analyzing a corresponding Wireshark capture, etc.. etc..

Release of your project

The slides and the demo content must be sent to the professor at least 24 hours before the scheduled exam date.