Projects for ECE598NB

Those of you taking the course for 4 credits will be required to do a project. Here are a few requirements:

• Projects must be done in groups of 1-3 students (2 is recommended).
• Project topic can be anything related to Privacy Enhancing Technologies, not only what we cover in the course.
• Project must involve original research, something you could see yourself sending to a conference or a workshop.

Timeline

Feb 16

Hand in a 1- to 2-page project description. You should include:

• What you are planning to do.
• What you expect to have finished by the end of the semester.
• How this relates to other research in the area. Include one or two references.

First week of April

Status report meeting.

May 2

Present your results for the class

May 12

Hand in a conference-quality report, 10-15 pages in length.

Project Suggestions

Here are a few suggestions for projects, but this list is very incomplete — there are open problems in pretty much every topic that we cover in the course.

Anonymity analysis

My own research focus is on design and analysis of peer-to-peer anonymous networks. If you're having trouble sleeping at night, you can read more about it in my thesis, but a better idea would be to come talk to me. I find that in the descriptions of p2p anonymous networks, there are always aspects that deserve further analysis. If you feel the same, there may be a class project for you.

Open problems in Tor

Roger Dingledine has a presentation regarding Research Problems for Tor. Any of these would make a good project topic for the class.

The next projects are suggestions by Bill Yurcik, so would want to talk to him about these.

"SCRUB-tcpdump"

Security operations staff use packet traces to help defend their own organization's networks. Since attackers typically attack across network boundaries, sharing packet traces between different organizations would help defeat attackers. However, at present sharing of packet traces between organizations is very limited since packet traces contain private and sensitive information. This project is to work with NCSA to develop a tcpdump-like tool that can read raw packet trace logs and output anonymized packet trace logs. NCSA has experience creating two tools just like this for NetFlows logs and Process Accounting logs so we have most of the hard cryptographic algorithm algorithms ready and GUI source code to share -- all we need are talented and dedicated Java programmers to pull the work together. This work is highly publishable and will result in multiple papers as well as the tool developed being distributed on the Internet via NCSA.

"Examples of using anonymized logs to find attacks"

NCSA has developed anonymizers for NetFlow and Process Accounting logs and hopes to also soon develop an anonymizer for packet traces. We have intuition and artificial examples of how anonymized logs can be shared between organization to both preserve privacy and defeat attackers. This project would be to find specific examples of attacks that can traced with anonymized logs. NCSA has an ongoing effort of multiple years on this specific problem and will lend ideas and tangible support for this class project. This work is highly publishable and may involve collaboration with an external security expert with vast experience in this area who has expressed interest in collaboration.

"Building data anonymization"

Prof. Carl Gunter and I are involved in a project using the building automation controls in Siebel Center. One important question is how to anonymize the data logs that are generated by the system so that they can either be used for research purposes or displayed to people.

If you are taking Prof. Gunter's 598 course, he suggested that there are a number of projects related to the topics of that course that could involve privacy. If you are interested in doing something along those lines, we would be happy to jointly supervise your project.