Project 1 --------- Title: Cryptographic primitives on the Pentium 4 Supervisors: Andrew Clark (principal), Matt Henricksen Abstract: Intel's Pentium 4 chip introduces the NetBurst architecture which is designed to optimize many types of algorithms. It features 8 128-bit registers and 144 new instructions that make it a candidate for fast symmetric cipher implementations. This project involves an examination of the suitability of the chip for cipher primitives, in comparison to previous Intel architectures, and other comtemporary offerings (for example, the itanium/itanium 2). The project involves a theoretical study of the architecture along with implementation of 128-bit ciphers and hash functions using optimized Intel assembly language. ************************************************************************ Project 2 --------- Title: Comparison of Camellia, E2 and Misty Supervisors: Lauren May (principal), Matt Henricksen Abstract: Camellia, E2, and Misty are contemporary symmetric ciphers. Each is byte-oriented and has a block length of 128-bits. E2 is a failed AES candidate, while Misty is one of the first symmetric ciphers with provable immunity against differential and linear cryptanalysis. Camellia is a successful finalist in the NESSIE competition, and is strongly based upon components from E2 and Misty. This project represents a chance to investigate the design decisions that lead to the development of Camellia. It requires the student to compare and contrast the three ciphers in terms of security and implementation efficiency. Analytical skills are required, as is basic knowledge of the C programming language. *********************************************************************** Project 3 --------- Title: Mobile IP security Supervisor: Loo Tang Seet Abstract: Mobile IP includes enhancements to support transparent routing of IP datagrams to mobile nodes on the internet. This is achieved through the use of mobility agents and tunneling technology. The mobile nodes are identified by their home address irregardless of their point of attachments. Various security issues associated with the use of tunnels through firewalls have been identified. This research project requires student to review these security issues and to investigate other possible network security problems that could arise from the use of Mobile IP. The prospective student is required to be proficient in network administration on Linux operating system and TCP/IP networking concept. In the course of this research the student is expected to set up a small mobile IP network in the lab. *********************************************************************** Project 4 --------- Title: Securing Network Services with SELinux Supervisor: Loo Tang Seet Abstract: End systems must be able to enforce the separation of information based on confidentiality and integrity requirements to provide system security. Operating system security mechanisms are the foundation for ensuring such separation. Security Enhanced Linux is the result from the work done by NSA and Secure Computing Corporation which incorporate flexible mandatory access control into Linux operating system. Without mandatory access control at the operating system level, the application level security mechanisms implemented at the end systems could be either tampered with or bypassed. This research project investigates the use of SELinux for securing common network services such as a web server. The prospective student is expected to be proficient with Linux system administration and TCP/IP networking concept. *********************************************************************** Project 5 --------- Title: Security modelling Supervisor: Dennis Longley Abstract: All the entities and relationships relevant to security will be represented by Object Identifiers based upon a proposed Security Directory Classification scheme (details will be supplied). Some basic software has been developed already. The project will be primarily concerned with testing the feasibility of the approach by modelling some sample systems. *********************************************************************** Project 6 --------- Title: Detecting novel network attacks Supervisors: George Mohay (principal), Andrew Clark Abstract: A honeypot will be deployed as a target for hackers. The vast majority of attacks will have been seen before, old favourites that keep being repeated because they work! But a small subset could be attacks that no-one has seen before and should be identified and studied to see if they really are novel. This project will be aimed at determining if an attack is new or not. *********************************************************************** Project 7 --------- Title: Management GUI for SE Linux Supervisor: Tony Rhodes Abstract: One of the numerous future research tasks identified by the SELinux team at the NSA is to improve and simplify the policy configuration system [SELX02a]. This is directed at enabling real-world security polices to interact with SELinux in a transparent manner. Mandatory Access Control (MAC) access decisions are based on labels that can contain a variety of security-relevant information. Currently in SELinux, a system administrator must manually fill in Linux kernel configuration tables with security-relevant information to set up an enterprise-wide security policy. The focus for project is to design and develop a graphical user interface (GUI) for Management to use to establish and maintain an enterprise-wide access control policy based on roles in a SE Linux environment. Emphasis placed on the need for and parameters associated with a context-sensitive GUI arises because 1) it is likely that this function will be performed irregularly, and 2) the high staff changeover in the system and network manager function in medium to large enterprises. The concept of a role is utilised in SELinux to provide a mandatory security policy. The concepts of roles and rights is generally understood by management but how to firstly establish, and secondly maintain, an information system (IS) based around roles and rights is not. Traditional IS managers have never sat down and worked out all the roles in the organisation yet alone tried to map a mandatory security policy using a Role Based Access Control (RBAC) policy for the enterprise based on such roles. Furthermore, managers do not want to have to manually fill in configuration tables to set up such a system. They require an easy to use GUI that performs the, at times possibly complex, assignment of roles, users and permissions transparently for them. They need to be simply guided through the whole process. The security requirements of the underlying operating system should be hidden from them in the GUI. *********************************************************************** Project 8 --------- Title: Security of Hash Function based on block ciphers Supervisor: Bill Millan Abstract: Cryptographic hashing has many vital applications, so the security of these algorithms needs be be properly assesed. Most popular hashes are based on a compression structure that is like a block cipher with surrounding feedforward logic, (where the message acts like the cipher's key). Even the so-called "dedicated" MDx family of hash algorithms can be described in this paradigm, so it is quite significant. The speed of hash functions based on block ciphers is measured by the number of block encryptions required for a secure scheme (this number is the "rate"). It seems that the standard rate 1 schemes have weaknesses, so higher rate (slower speed) designs were proposed. However, it is preferred for efficiency if the required rate can be reduced. In this project, the student will examine the literature regarding hash functions based on block ciphers and track the historical development of initial designs, attacks and re-design and further attacks. Several different styles of compression function will be studied. Special attention will be given to the efficiency/security tradeoff in these designs. What properties of the underlying cipher are significant for the security of the hash? The student will also analyse the most recent proposals (and some novel suggestions by the supervisor) to estimate their security against known attacks. There have been some new methods of statistical analysis proposed in recent literature, and the student is encouraged to investigate this aspect....some programming is required. The project may conclude with the student offering their own proposals for new hash functions based on block ciphers, and/or by offering a detailed security analysis of an existing scheme. *********************************************************************** Project 9 --------- Title: Digital Watermarking Supervisor: Lauren May Abstract: Protecting copyright interests on the Internet is very difficult. This issue is a deterrent to the use of electronic commerce. Digital watermarking embeds information in an invisible manner, and can be used to enforce copyright of digital content. This project will investigate the techniques and properties of digital watermarking methods, including implementation of techniques and associated analyses. Analytical skills are required, as is basic knowledge of the C programming language. *********************************************************************** Project 10 ---------- Title: Exploring protocol security through formal specifications Supervisors: Colin Boyd (principal), Kapali Viswanathan Abstract: Protocols for electronic business applications are difficult to design securely. Today there is considerable research effort devoted to use of different formal (mathematical) techniques to gain assurance in correctness of cryptographic protocols. This project will extend existing work at ISRC which has used software animation of formal specifications to explore security models for protocols. One or more protocols will be specified and explored using the animation tool. It would suit a student with an interest in cryptographic protocols. Some knowledge of formal specification would be advantageous. *********************************************************************** Project 11 ---------- Title: Evaluation of Cybervote Supervisors: Colin Boyd (principal), Ed Dawson Abstract: A current European collaborative project called Cybervote is investigating electronic voting using the Internet and mobile phones. This project will be concerned with examining and assessing the protocols from Cybervote, particularly in relation to its suitability for use in Australian elections. Depending on the interests of the student, the project can concentrate either on the cryptographic protocols or the network security aspects, or a combination of both. *********************************************************************** Project 12 ---------- Title: A prototype for secure electronic auctions Supervisors: Colin Boyd (principal), Ed Dawson Abstract: Internet auctions are currently very popular, but all the currently deployed schemes rely on absolute trust in the auctioneer. This project is concerned with recent cryptographic solutions for electronic auctions that remove, or at least limit, the trust requirements. The student will explore different proposals, including some from ISRC researchers. A suitable proposal will then be implemented as a prototype and its performance and security will be investigated.