Projects Assignments and available topics

THE UPDATED LIST OF AVAILABLE PROJECTS CAN BE FOUND HERE

I'm not in the assignment list, how can I get assigned a project topic?

You can request a project assignment by filling in the following Google Form. Once assigned, projects cannot be changed. After you have filled in the form, check that your name has been correctly entered next to the project name in the related Google Sheet file.

How long is my project assignment valid?

Your project assignment is valid for up to 12 months, then it will be reassigned.

Seminar preparation instructions


The project must consist of two parts. The first part consists of preparing and delivering a presentation of at most 15 minutes (about 12 slides) on the technical aspects of the assigned topic. The technical discussion should present an overview of the topic, together with real-life examples. The second part consists of presenting a working demo related to the assigned project. Your work must include both parts: partial projects will not be evaluated. Your demo can be based on a Netkit laboratory, GNS3 or another technology, depending on your topic. You might consider using specifically prepared server virtual machines, or containers (like Docker containers, www.docker.com).

The discussion of the project is interactive and will include questions on the course program. Your presentation must address the following points:

  1. Description of the specific BCP (BEST CURRENT PRACTICE)/CWE/CVE number, or in general, of the project topic.
  2. Whenever applicable, description of the technological context of the assigned BCP/CWE/CVE/General topic, including criticism, if any (e.g. show that a given BCP is outdated and why, etc.)
  3. Examples (for a CWE, an example can consist in reporting about a specific CVE)

The presentation style should be at a technical level (for experts) and not exclusively anecdotal. The presentation should not be considered separate from the context of the course program (for example: in an analysis of a protocol related to PKI, IT IS assumed that the student knows how the PKI works).

  1. Demo: implement a practical situation in which the assigned BCP/CWE/CVE/Topic is involved.

Project submission

You are not admitted to the exam if: 1. The slides are not technical (i.e. I will not accept a biography of Mark Zuckerberg as the correct answer for a project about the Facebook security infrastructure), or lack answers to the questions mentioned above, or 2. The demo is not working or does not pertain to the topic of the project.

Past assigned projects

  1. Alessandro Greco - PDF Parser differential attacks
  2. Francesca Murano - Evil Regular expressions
  3. Jan Duinkerken Rodriguez, Rene Kayr - "DFA attacks on Widevine L3"
  4. Carlo Cristarella Orestano - The Log4shell vulnerability
  5. Mohammed Ahmed Hassan Kamel - Mohamed Ahmed Mohamed Abdelzaher - TCP Hole punching
  6. Antonio Rocco Spataro - "Comparison of state-of-the-art stealth command and control software"
  7. Tesfay Gebremeskel Chekole - Typosquatting tools and countermeasures
  8. Santo Locanto and Nicola Costantino - The TOTP protocol
  9. Ruth Nikol - Hardware Security Modules
  10. Davide Gena - From OAuth 2.0 to OAuth 2.1
  11. Paola Guarasci - "De-anonymization of TOR circuits with traffic analysis techniques"
  12. Giada Gabriele and Michele Morello - "The CIA Hive component"
  13. Rosalbino Bisignano - "OpenVPN, 3DES and the Sweet32 attack"
  14. Pasquale Gatto - "The BLURtooth vulnerability (CVE-2020-15802)"
  15. Francesco Tumminelli - "The Raccoon timing attack to TLS 1.2"
  16. Francesco Boragina - "The printer exploitation toolkit"
  17. Salvatore Gigliotti and Francesca Amelia - Analysis of cookie storage and in-browser stealing techniques
  18. Paolo Falvo - "OSINT and IoT."
  19. Giovanni Terremoto - Applications of homomorphic encryption
  20. Pierpaolo Bellusci and Vito Barbara - Attack surface of Wired 802.1X Authentication
  21. Erica Coppolillo - The Log-Jam attack to DH key exchange
  22. Francesco Riccio - "Security of the IEEE 1901 (HomePlugAV for powerline adapters) standard"
  23. Daniele Salimonti and Luca Quarta - The NOMORE Attack - TKIP is dead?
  24. Alfredo Aloi - "SSL Pulse: CVE-2014-0224"
  25. Lukas Schörghuber - The SAD DNS attack
  26. Grazio Bonanno - "Zombie POODLE and GOLDENDOODLE Vulnerabilities"
  27. Antonio Pallaria - "DDoS tools: LOIC and HOIC"
  28. Giovanni Terremoto - "Attack surface of HTTP Digest authentication"
  29. Antonio Ielo - "Secure function evaluation"
  30. Giuseppe De Marco - "Panopticlick. How to minimize fingerprint information bits"
  31. Vincenzo Gentile and Dario Gencarelli - "The SHA1 attack surface"
  32. Luis Angel Rodriguez Reiners - "The TLS ROBOT ATTACK"
  33. Selam Tigistu Dereg and Simret Abule Geda - "An analysis of man in the browser attacks"
  34. Dennis Petullà - "High-bandwidth Digital Content Protection (HDCP)"
  35. Rodolfo Figueroa Mayo & Diamelys Díaz Estrada - "An analysis of the IFTTT infrastructure security"

  36. Leandro Malek - "Overview of current pharming tools"
  37. Francesco Grillo - "Recent developments of the TOR network"
  38. Giuseppe Mazzotta - "Attack surface of the Windows Certificate Store"
  39. Nicholas Laurenzano - "Two factor authentication bypass techniques via phishing"
  40. Luca Quarta - "CWE444: Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling')"
  41. Francesco Vagliante - "CWE640: Weak Password Recovery Mechanism for Forgotten Password"
  42. Giuseppe Pace - "BCP0209 Initializing a DNS Resolver with Priming Queries."
  43. Vincenzo Straface - "Protection from de-authentication attacks and the 802.11w standard."
  44. Lorenzo De Marco - "Overview of the Skype communication protocol: privacy and firewall traversal techniques"
  45. Ritacco Giuseppe - "Security of 802.1X over wired networks"
  46. Giovanni Iannuzzi - "The Heartbleed attack"
  47. Tiziana Oliviero and Rodolfò Calabro - "Current state of the art of quantum cryptography research"
  48. Pietro Napoli - "DNS over TLS"
  49. Domenico Fico - "The CastHack for Google Chromecast"

  50. Nuccia Oliverio - "Security in OSGP (Open smart grid protocol) networks"
  51. Cristian De Marco - "The new Italian Electronic Photo ID Card (CIE)"
  52. Davide Consalvo - Pierpaolo Mantello - "The new WPA3 standard"

  53. Artur Kwiatkowski - "Security of RADIUS authentication handshakes"

  54. Nicola Greco - "NTP-Based DDOS Attacks"

  55. Andrea Baffa - "Copyright infringement monitoring in P2P networks"

  56. Salvatore Monetti - "The Zooko's triangle, its implications in the TOR network & TOR drawbacks and future evolution"

  57. Paola Arcuri - "BCP0207 DNSSEC Roadblock Avoidance."

  58. Pasquale Fabrizio Sessa - "BCP0212 OAuth 2.0 for Native Apps"

  59. Muratore Giuseppe - "Security of the SS7 protocol suite in mobile phone networks."

  60. Multari Francesco - "BCP0185 Origin Validation Operation Based on the Resource Public Key Infrastructure (RPKI)."

  61. Pasquale Arieta - "RFC4871 and the attack surface of the DKIM signature infrastructure"

  62. Matteo Fazio - "Identity verification in mobile networks."

  63. Girolamo Luccisano - "Anatomy of Key re-installation (Krack) Attacks to WPA/WPA2 networks."

  64. Francesco Capparelli - "BCP0174 Certification Authority (CA) Key Rollover in the Resource Public Key Infrastructure (RPKI)."

  65. Rinaldi Daniele Giuseppe - "BCP0132 Guidance for Authentication, Authorization, and Accounting (AAA) Key Management."

  66. Luca Cinelli - "Mirai: An IoT DDoS Botnet"

  67. Eliana Cannella - "Anatomy of the Zeus Botnet"

  68. Vincenzo Lupia - "Anatomy of DNS Rebinding attacks"

  69. Domenico Rodilosso - "Illegal SEO Techniques and botnets"

  70. Alessio Scarfone - "Anatomy and Integrity of electronic voting systems"

  71. Kammerer Lukas - "Collision attacks on SHA-1 and SHA-2 functions"

  72. Felix Eberhard - "3-Parties authentication schemes: the OAuth & OAuth2 scheme and its Google implementation"

  73. Marco Anastasio - "CWE-250: Execution with Unnecessary Privileges"