T-110.5291 Seminar on Network Security P (5 cr)

Topics


In this seminar, each seminar participants writes a seminar paper on an individually assigned topic during the semester and gives a presentation on the seminar day at the end of the semester. The paper can be a small research project, report of experiments, or literature survey.

Previously we have always focused on the topic areas related to network security. This year, however we are not limiting our seminar topics to the specific area of Network Security but in various research areas of Information technology in general (e.g. Software technologies, mobile computing, cloud, security and more).

In 2014-2015, three seminars will be organized together both in the autumn and spring semesters:

 

The topics will be published in Noppa by the start of the course. The emphasis in the autumn seminar will be security, but some topics on the other themes will be available. Doctoral students who want to write a seminar paper should propose their own topics and suopervisors.

Topics available

 

  1. Bitcoin and Cryptography (Topic A)- Tutor: Jian Liu
  2. Bitcoin and Cryptography (Topic B)- Tutor: Jian Liu
  3. Anonymous Channel and Cryptography- Tutor: Jian Liu
  4. New topologies for Bluetooth Low Energy- Tutor: Jukka Nurminen
  5. Drone communication- Tutor: Jukka Nurminen
  6. Privacy-preserving social relationships discovery in the social networks- Tutor: Marcin Nagy
  7. Smart intersections- Tutor: Mario Di Francesco
  8. Multimedia streaming over cognitive radios- Tutor: Mario Di Francesco
  9. Bacteria nanonetworks- Tutor: Mario Di Francesco
  10. Scalable Delay-Sensitive Cloud For Pedestrian Road-Safety System- Tutor: Mehrdad Bagheri
  11. Security of Communication in Road-Safety Systems- Tutor: Mehrdad Bagheri
  12. Linux Container Security- Tutor: Miika Komu
  13. Life in the post-Snowden era- Tutor: Mohit Sethi
  14. QUIC - Quick UDP Internet Connections- Tutor: Mohit Sethi
  15. iSpy - Privacy and Security of iBeacon- Tutor: Mohit Sethi
  16. Secure Instant messaging- Tutor: Sandeep Tamrakar
  17. Compressive Sensing- Tutor: Sourav Bhattacharya
  18. Android Platform Security- Tutor: Thomas Nyman
  19. Cloud Datastores - Tutor: Keijo Heljanko
  20. Big Data Platforms - Tutor: Keijo Heljanko
  21. Electronic locks - Tutor: Tuomas Aura
  22. Security and robustness of visible-light communication - Tutor: Tuomas Aura
  23. Denial-of-Service attacks and Software Defined Networking - Tutor: Markku Antikainen
  24. Energy-cost aware scheduling/load-balancing in scientific computing - Tutor: Kasif Khan

Topics by Jian Liu

1. Bitcoin and Cryptography (Topic A)

Bitcoin a widely adopted online payment system, which uses peer-to-peer technology to operate with no central authority or banks. As a result, users can enjoy many benefits by using Bitcoin, such as no third-party seizure, no (or low) transaction costs and no tracking. However, it has significant limitations regarding privacy. For example, payment transactions are recorded in a public decentralized ledger, which potentially leaks important information. This topic is about using cryptographic technologies to enhance the privacy of Bitcoin.

Students who select this topic should survey the technologies that are currently used in BitCoin, their limitations, and state of the art cryptographic solutions.

References:

  1. Miers I, Garman C, Green M, et al. Zerocoin: Anonymous distributed e-cash from bitcoin[C]//Security and Privacy (SP), 2013 IEEE Symposium on. IEEE, 2013: 397-411.
  2. Miller A, Juels A, Shi E, et al. Permacoin: Repurposing Bitcoin Work for Data Preservation[J], 2014.

Tutor: Jian Liu

2. Bitcoin and Cryptography (Topic B)

Unlike topic A, this topic focuses on how Bitcoin is inspiring the development of cryptography. For example, Bitcoin can be used to incentivize players to perform correct computation in a cryptographic protocol.

This is a more advanced topic. Students who select this topic should be familiar with cryptographic protocols such as multiparty computation and verifiable computation.

Students who select this topic should survey the technologies that are currently used in BitCoin and how they can be applied to cryptographic protocols such as multiparty computation and verifiable computation.

References:

  1. Kumaresan R, Bentov I. How to Use Bitcoin to Incentivize Correct Computations[J].
  2. Andrychowicz M, Dziembowski S, Malinowski D, et al. Secure Multiparty Computations on BitCoin[J]. IACR Cryptology ePrint Archive, 2013, 2013: 784.

Tutor: Jian Liu

3. Anonymous Channel and Cryptography

As people tend to shift more of their daily activities online, the issue of online privacy becomes increasingly popular. Anonymous channels (e.g., TOR) enable a user to perform online activities without revealing her identity (IP address). TOR is a widely deployed network consisting of 2000 relays and currently serves hundreds of thousands of users a day. However, it still faces some challenges such as traffic analysis attacks, disruption attacks and how to collect statistics without violating users' privacy

The student who select this topic should survey the technologies that are currently used in TOR, their limitations, and state of the art cryptographic solutions.

References:

  1. Mittal P, Olumofin F G, Troncoso C, et al. PIR-Tor: Scalable Anonymous Communication Using Private Information Retrieval[C]//USENIX Security Symposium. 2011.
  2. Corrigan-Gibbs H, Wolinsky D I, Ford B. Proactively accountable anonymous messaging in Verdict[J]. arXiv preprint arXiv:1209.4819, 2012.
  3. Elahi T, Danezis G, Goldberg I. PrivEx: Private Collection of Traffic Statistics for Anonymous Communication Networks[J].

Tutor: Jian Liu

Topics by Jukka Nurminen

4. New topologies for Bluetooth Low Energy

Bluetooth Low Energy (BLE) is an emerging short range radio technology that is supported by many smartphone platforms and low-power, low-cost System-On-Chip solutions. The topology of Bluetooth Low Energy is a star, where a central device controls all communication to/from leaf nodes; the leaf nodes may not communicate directly with each other. There are however proprietary solutions available which enable daisy-chaining leaf nodes so that leaf-to-leaf node communication is possible. The student’s task is to review the current and upcoming BLE standards, their networking architectures, as well as proprietary solutions which enable mesh networking or daisy-chaining of leaf nodes. As part of the assignment, the student is also expected to build simulation models and/or implementations to analyse latency, reliability or other key performance indicators of such daisy-chaining solutions.

References:

  1. How to Build Low-Power Wireless Links for the Internet of Things Using Bluetooth 4.1

Tutor: Jukka Nurminen

5. Drone communication

Drones or low-cost micro air vehicles have emerged in recent years. In some scenarios the drones would be used to deliver pizza or books. More active they are used in surveillance tasks e.g. in agriculture. There is also some concern about air traffic control of the drones if their number explodes. In this, rather loosely defined, topic the idea is to explore the software, middleware and communication of the drones. To be useful the drones typically need to receive control commands from the ground and send video or other data streams back. Drones may also want to communicate with other drones directly.

References:

  1. Ranft, B., Dugelay, J. L., & Apvrille, L. (2013, September). 3d perception for autonomous navigation of a low-cost mav using minimal landmarks. InProceedings of the International Micro Air Vehicle Conference and Flight Competition (IMAV'2013), Toulouse, France (pp. 17-20).
  2. Bekmezci, I., Sahingoz, O. K., & Temel, Ş. (2013). Flying ad-hoc networks (FANETs): a survey. Ad Hoc Networks, 11(3), 1254-1270.
  3. Andre, T., Hummel, K. A., Schoellig, A. P., Yanmaz, E., Asadpour, M., Bettstetter, C., ... & Zhang, S. (2014). Application-driven design of aerial communication networks. Communications Magazine, IEEE, 52(5), 129-137.

Tutor: Jukka Nurminen

Topic by Marcin Nagy

6. Privacy-preserving social relationships discovery in the social networks.

Online Social Networks (OSNs) play a key role in today's computing ecosystem, as social interactions/connections are increasingly used to enhance trust in, and usability of, a growing number of applications. Popular OSNs have become de-facto providers of online identities and are often used to enforce verification of personas and information.

In many realistic scenarios, users need to make access control decisions involving other (possibly stranger) users, e.g., for sharing rides or cabs, to construct distributed computing platform, or to base routing decisions for anonymous communications. One important trust-enhancing factor, potentially guiding such decisions, is the existence of previously established social relationships. For instance, an intuitive access control policy may be to only carpool with one's friends or friends-of-friends, or to base routing decisions on social proximity. However, the process of discovering social proximity may harm the privacy of the two parties and that of their friends. At least one party needs to disclose the identity of his contacts and, depending on the application scenario, this could reveal the identity of the user, and possibly even information about his lifestyle and social attitudes.

The objective of this work is to make an extensive study and literature review on existing solutions for discovering social relationships between two users with a strong emphasis on user's privacy and mobile scenario application. In addition, new ideas for enhancements to existing solutions are very welcome.

References: provided after the topic is assigned.

Tutor: Marcin Nagy

Topics by Mario Di Francesco

7. Smart intersections

Service level agreement (SLA) is a contract between service providers and consumers. SLA has couple of main characteristics 1) enforceable, 2) measurable, and 3) violation causes penalties. Traditionally, in the cloud context, SLA's are defined for QoS metrics such as availability, and average response time. The core of any SLA is to find suitable metrics, which are measurable and easy to collect from the system. Accordingly to measure security, we need to identify measurable security metrics. Shirlei et.al. [6] has presented metrics for security management services. In their work, they have defined metrics based on security objective (SO) of a particular service. Yan Sun et.al. [4] has presented a mechanism for quantifying quality of protection parameters (QoP) of a system. They have used normalized weighted tree to measure the quality of protection. Common Criteria [5], a standard for computer security certification of a product, defines a process for assurance of product security. Despite all these efforts, there are still challenges to define reliable and measurable security metrics. For example, are service specific security parameters such as 'password ageing' or generic parameters such as 'high security', 'medium security' are meaningful in the cloud context.

Intelligent transportation systems and autonomous vehicles have the potential to make driving a task no longer demanded to human beings. A critical aspect, however, is represented by intersections, where several vehicles need to coordinate their actions in order to avoid collisions (accidents). Such a coordination involves both agreeing the policies to be followed and scheduling the movements of the vehicles.

The student involved in this topic is expected to: learn the basics of intelligent transportation systems with emphasis on smart intersections; analyze the existing literature by focusing on protocol-related aspects; evaluate the reliability of the proposed solutions in realistic scenarios.

References:

  1. Kurt Dresner and Peter Stone, "A Multiagent Approach to Autonomous Intersection Management", Journal of Artificial Intelligence Research, 31:591-656, March 2008
  2. Seyed Azimi, Gaurav Bhatia, and Ragunthan Rajkumar, "Reliable Intersection Protocols Using Vehicular Networks", The 4th ACM/IEEE International Conference on Cyber-Physical Systems (ICCPS 2013), Philadelphia, PA, April 8-11, 2013

Tutor: Mario Di Francesco

8. Multimedia streaming over cognitive radios

Cognitive radio networks (CRNs) are able to sense a wide range of the spectrum and the agility to make use of the available resources dynamically. Accordingly, they can reclaim unused frequencies (i.e., whitespace) for wireless communications while avoiding interferences with between licensed and unlicensed users. One of the most promising applications of CRNs is represented by bandwidth-intensive multimedia services for mobile devices, such as video streaming, that are already facing a shortage of resources in the cellular networks.

The student involved in this topic is expected to: learn the basics of CRNs; understand the different regulations in different countries; analyze the impact of the features peculiar to CRNs on streaming multimedia content.

References:

  1. William Lehr and the Spectrum Working Group, "Toward More Efficient Spectrum Management - New Models for Protected Shared Access", Tech. rep. of the Massachussets Institute of Technology, 2014
  2. Shiwen Mao, "Video over Cognitive Radio Networks: When Quality of Service Meets Spectrum", Springer, 2014

Tutor: Mario Di Francesco

9. Bacteria nanonetworks

Molecular communications have been recently proposed for building networks of nano-scale elements. A promising direction consists in exploiting bacteria as mobile carriers of messages that can be encoded as DNA fragments. Such messages can be then exchanged between bacteria when they are in close proximity through the process known as conjugation. Environmental factors such as the concentration of chemicals affect the motion of the bacteria and eventually the chance that a message can be successfully delivered from a source to a destination.

The student involved in this topic is expected to: learn the basics of nano-scale bacterial communications; analyze the mobility pattern of bacteria and the conjugation process; develop mechanisms that affect the motion of bacteria so as to increase the chance of successful message delivery.

References:

  1. Maria Gregori and Ian F. Akyildiz, "A New NanoNetwork Architecture Using Flagellated Bacteria and Catalytic Nanomotors", IEEE Journal on Selected Areas in Communications, 28(4):612-619, May 2010
  2. Sasitharan Balasubramaniam and Pietro Liò, "Multi-Hop Conjugation Based Bacteria Nanonetworks", IEEE Transactions on NanoBioscience, 12(1):47-59, March 2013

Tutor: Mario Di Francesco

Topics by Mehrdad Bagheri

10. Scalable Delay-Sensitive Cloud For Pedestrian Road-Safety System

A prototype of a cloud-based pedestrian safety application has been developed and tested on smartphones. This system monitors pedestrians and vehicles in urban areas and alerts the drivers in case a collision risk is detected. Vehicles and pedestrians are connected to cloud via cellular network (e.g. 3G, LTE).

The goal of this research is to examine scalability of such system when a large number of vehicles and pedestrians are connected and a geographical area as large as a whole city is monitored. The main problem is how to develop a scalable cloud platform so that it can handle our collision avoidance scenarios and satisfy critical requirements such as limited message delivery delay. Furthermore, processing tasks should be properly divided according to city subsections.

References:

  1. AWS | Amazon Elastic Compute Cloud (EC2) - Scalable Cloud Hosting.
  2. P. Jaworski, T. Edwards, J. Moore, and K. Burnham, "Cloud computing concept for Intelligent Transportation Systems," in 2011 14th International IEEE Conference on Intelligent Transportation Systems (ITSC), 2011, pp. 391-936.
  3. D. Bernstein, N. Vidovic, and S. Modi, "A Cloud PAAS for High Scale, Function, and Velocity Mobile Applications - With Reference Application as the Fully Connected Car," in 2010 Fifth International Conference on Systems and Networks Communications, 2010, pp. 117-123.
  4. S. Kato, M. Hiltunen, K. Joshi, and R. Schlichting, "Enabling vehicular safety applications over LTE networks," in 2013 International Conference on Connected Vehicles and Expo (ICCVE), 2013, pp. 747-752.

Tutor: Mehrdad Bagheri

11. Security of Communication in Road-Safety Systems

Vehicular networks (ad hoc or cloud-based) is a promising paradigm which improves road-safety and traffic efficiency. We have developed a prototype of a cloud-based pedestrian road safety application deployed on smartphones. This system monitors pedestrians and vehicles in urban areas and alerts the drivers in case a collision risk is detected.

The goal of this research is to investigate the most important security threats for road-safety scenarios, and furthermore explain the methods and technologies to prevent it. Network attacks and intrusion may break down the system, cause traffic jams or even cause collisions. Hackers may get wireless access to vehicle or even the cloud-based system. For example one possible hack is that the network nodes start sending incorrect geo-location to cloud servers. How can our system detect such intrusion and false information? How to design a secure vehicular network?

References:

  1. M. Raya, P. Papadimitratos, and J. Hubaux, "SECURING VEHICULAR COMMUNICATIONS," IEEE Wirel. Commun., vol. 13, no. 5, pp. 8-15, Oct. 2006.
  2. M. S. Al-kahtani, "Survey on security attacks in Vehicular Ad hoc Networks (VANETs)," in 2012 6th International Conference on Signal Processing and Communication Systems, 2012, pp. 1-9.
  3. G. Yan, D. Wen, S. Olariu, and M. C. Weigle, "Security challenges in vehicular cloud computing," IEEE Trans. Intell. Transp. Syst., vol. 14, no. 1, pp. 284-294, Mar. 2013.

Tutor: Di Francesco Mario

Topic by Miika Komu

12. Linux Container Security

Linux Containers [1] allow building more dense virtual machine populations than in traditional hypervisor-based approaches because they do not incure the overhead of a hypervisor. However, security of containers [2] has been under scrutiny lately [3,4].

In this topic, the student is expected to make a technical overview and analysis on container security based on e.g. docker [5] containers. The instructor expects that the student is familiar with Linux and is interested on technical details on Linux namespaces, cgroups, SElinux etc.

 

References:

  1. An Updated Performance Comparison of Virtual Machines and Linux Containers
  2. Docker Security
  3. Securing Docker's Future with SELinux and the Open Source Way
  4. Bringing New Security Features To Docker
  5. https://www.docker.com/

Tutor: Miika Komu

Topics by Mohit Sethi

13. Life in the post-Snowden era

Revelations from Edward Snowden about the mass surveillance on the Internet by various governmental bodies (particularly NSA and GCHQ) resulted in extensive media coverage. While the media coverage has slowly died down, various companies and standardization bodies are still actively pursuing various methods to reduce pervasive monitoring attacks. The aim of this seminar paper would be to provide a holistic overview of the all the efforts that have been proposed and/or are already implemented. Some examples include:

 

  1. Gmail disabled the option of delivering mail over HTTP
  2. IEEE has started to look into their protocols. One of the primary proposal is to use randomized mac address. On a related note: iOS 8 has randomized MAC addresses PryFi app (Android): Various MAC randomization options
  3. TCPINC WG is formed at the IETF. It will be responsible for developing TCP extensions to provide unauthenticated encryption and integrity protection of TCP streams.
  4. HTTPS as a ranking signal – Google announced that Google search results are affected by whether the corresponding sites have HTTPs turned on or not.
  5. HTTP/2.0 would have TLS turned on by default. This is a major change since most of the web traffic in the future would be encrypted.
  6. Design of TLS 1.3 is heavily influenced by the revelations. For example, the working group at the IETF is has reached a consensus that support for RSA will be dropped and TLS 1.3 would move to ECDHE.
  7. Proposals for modifying DHCP options have been suggested so that no unique identifiers are carried across.
  8. Using TLS in Applications (uta) is another working group that has been formed at the IETF. It is responsible for specifying a set of best practices for TLS clients and servers, including but not limited to recommended versions of TLS, using forward secrecy, and one or more ciphersuites and extensions that are mandatory to implement.
  9. There is now renewed interest in implementing and deploying DNS SEC.
  10. Twitter now uses Perfect Forward Secrecy (PFS).

Tutor: Mohit Sethi

14. QUIC - Quick UDP Internet Connections

QUIC is an experimental transport layer network protocol developed by Google and implemented in 2013. QUIC supports a set of multiplexed connections between two endpoints over User Datagram Protocol (UDP), and was designed to provide security protection equivalent to TLS/SSL, along with reduced connection and transport latency, and bandwidth estimation in each direction to avoid congestion. QUIC's main goal is to optimize connection-oriented web applications currently using TCP.

While SPDY (the base for HTTP/2.0) worked at the application layer (modifying HTTP by multiplexing multiple requests over one connection), QUIC works at the transport layer. QUIC is designed to address a number of pain points uncovered in the implementation of SPDY (which ran over TCP). A detailed design document goes into the specifics. First, the delay of a single TCP packet introduces "head of line" blocking in TCP, which undercuts the benefits of SPDY's application-level multiplexing by holding up all of the multiplexed streams. Second, TCP's congestion-handling throttles back the entire TCP connection when there is a lost packet-again, punishing multiple streams in the application layer above. The aim of this paper would be to provide a thorough overview of the QUIC protocol and compare it with the current HTTP/TCP/TLS model.

References: provided after the topic is assigned.

Tutor: Mohit Sethi

15. iSpy - Privacy and Security of iBeacon

iBeacons are a new class of low-powered, low-cost transmitters that can notify nearby iOS 7 devices of their presence. The technology enables a smart phone or other device to perform actions when in close proximity to an iBeacon. One application is to help smart phones determine their precise position or context. With the help of an iBeacon, a smartphone's software can pinpoint its own location in a store. iBeacons can help a phone show notifications of items nearby that are on sale, and it can enable payments at the point of sale (POS) where customers don't need to remove their wallets or cards to make payments. One of the problems for marketers has been that they could only use this technology if the customer had the app actively running while they shopped. With the iOS7.1 upgrade, Apple made it possible to have all this happen just by having the app installed. It does not even have to be running. Now the phone's operating system keeps listening for the iBeacon signal and tracks the customer even if the app is turned off and the device locked. By design, the iBeacon advertisement frame is plainly visible. This leaves the door open for interested parties to capture, copy and reproduce the iBeacon advertisement frames at different physical locations. This can be done simply by issuing the right sequence of commands to compatible Bluetooth 4.0 USB dongles. This can have several consequences from spoofing location beacons to starting apps or tracking. The aim of this seminar paper is to determine the plausible threats and propose mechanisms to counter such threats. One example is the paypal iBeacon where the beacon is purely the start of a complex security negotiation.

References:

  1. iBeacons Bible 1.0
  2. BLUETOOTH LOW ENERGY, BEACONS AND RETAIL

Tutor: Mohit Sethi

Topic by Sandeep Tamrakar

16. Secure Instant messaging

Instant messaging (IM) is the most widely used communication over the Internet generally used for sending short messages. Popular IMs communicates over TLS to protect against eavesdropping yet the TLS does not guarantee against eavesdropping at the server end. There are number of IM services that provides end-to-end secure messaging such as TextSecure. Similarly BitTorrent recently released decentralized private chat application known as Bleep. Off-the-record messaging protocol developed by Goldberg et. al. [1] describe secure messaging protocol with deniability, which ensures the authenticity of the message during communication yet it allows anyone to forge messages after the conversation that look like they were real communication between the participants.

The goal of this work is to look at different secure IM services and protocols, and make a survey based on the security features that these IM offers.

References:

  1. Borisov, Nikita, Ian Goldberg, and Eric Brewer. "Off-the-record communication, or, why not to use PGP." Proceedings of the 2004 ACM workshop on Privacy in the electronic society. ACM, 2004.
  2. Bleep: private chat
  3. TextSecure

Tutor: Sandeep Tamrakar

Topic by Sourav Bhattacharya

17. Compressive Sensing

Lately, compressive sensing, has gained a lot of research interests as it suggests that it may be possible to surpass the traditional limits of sampling theory, through sparse codebook learning. Recovery of signals is possible through nonlinear optimization, which requires very few data samples. This has important implications to solve some of the shortcomings of traditional supervised machine learning algorithms. Developments in compressive sensing has opened up new possibilities in understanding patterns present within large datasets.

The assigned student should perform a survey on the most salient techniques used in compressive sensing, especially on images and time-series data. Focus should be given on how compressive sensing can be effectively used in automatic representation of sensor data.

References:

  1. Lecture Notes on Compressive Sensing, R. G. Baraniuk.
  2. An extensive lists of papers published on compressive sensing can be found on:http://dsp.rice.edu/cs

Tutor: Sourav Bhattacharya

Topic by Thomas Nyman

18. Android Platform Security

Android has proven to be a prominent platform for research in mobile security. Numerous security frameworks enhancing Android security have been, and continue to be proposed.

Mainline Android itself has recently seen a significant change in it security model with the introduction of the Security-Enhanced Linux (SELinux) Mandatory Access Control (MAC) framework in version 4.3. Android version 4.4 saw SELinux enabled in enforcing mode by default.

The purpose of this topic is to examine the current state of platform security mechanisms in mainline Android, and survey the current state-of-the-art in academic (platform) security research being done on Android. Ambitious students should aim for identifying potential gaps in the current research and open research problems in the area.

Prior skills required:Basic knowledge of Linux Discretionary Access Control (DAC) mechanisms.

References:

  1. android Developer Documentation: Validating Security-Enhanced Linux in Android
  2. Smalley, S and Craig R. Security Enhanced (SE) Android: Bringing Flexible MAC to Android. In NDSS (2013), The Internet Society.
  3. Bugiel, S; Heuser, S and Sadeghi, A. R. Flexible and Fine-grained Mandatory Access Control on Android for Diverse Security and Privacy Policies. Usenix security, 2013
  4. Backes, M.; Bugiel, S.; Gerling, S.; and von Styp-Rekowsky, P. Android Security Framework: Enabling Generic and Extensible Access Control on Android. Technical Report A/01/2014, Saarland University, 2014.

Tutor: Thomas Nyman

Topics by Keijo Heljanko 

19. Cloud Datastores

Cloud computing has risen as a new framework for doing highly scalable web based applications. One of the central building blocks are new database technologies developed to implement massively parallel database systems, called cloud datastores aka NoSQL databases. In this topic the main aim is to survey this new class of datastores, discuss their design principles, categorize and compare them against each other and traditional relational database systems.

References

[1] Rick Cattell: Scalable SQL and no-SQL Data Stores, SIGMOD Record, Volume 39,  Number 4, December 2010.

Tutor: Keijo Heljanko

20. Big Data Platforms

Big data is one of the currently highly discussed topics in cloud computing applications. In this topic you get to survey the most widely used big data platforms e.g., such as Apache Hadoop, Apache Spark, and Facebook Presto. In this topic the main aim is to survey this new class of big data platforms, discuss their design principles, categorize and compare them against each other. Some of the issues in selecting the right tools and platforms for the big data application at hand need to be discussed. 

References: 

[1] Matei Zaharia, Mosharaf Chowdhury, Tathagata Das, Ankur Dave, Justin

Ma, Murphy McCauley, Michael J. Franklin, Scott Shenker, and Ion Stoica. 2012. Resilient distributed datasets: a fault-tolerant abstraction for in-memory cluster computing. In Proceedings of the 9th USENIX conference on Networked Systems Design and Implementation (NSDI'12). USENIX Association, Berkeley, CA, USA, 2-2.

[2] Jeffrey Dean and Sanjay Ghemawat. 2004. MapReduce: simplified data processing on large clusters. In Proceedings of the 6th conference on Symposium on Opearting Systems Design & Implementation - Volume 6 (OSDI'04), Vol. 6. USENIX Association, Berkeley, CA, USA, 10-10.

[3] http://prestodb.io/

Tutor: Keijo Heljanko


Topics by Tuomas Aura  

21. Electronic locks

Many lock and building-access-control-system manufacturers are combining electronic and mechanical features their locks and keys. This enables flexible online and offline operation and integration to other enterprise information systems. The goal of this seminar topic is to investigate the existing access-control solutions that combine information technology and physical locks or keys. Like all new applications of information technology, this gives raise to new security threats and vulnerabilities. Moreover, locks are particularly security critical components and attractive targets for attackers. On one hand, there is a centuries-long tradition in lock design and the threats are well understood; on the other hand, the information security approach may lead to both new threat scenarios and to new product opportunities. The seminar paper should analyze the security threats and potential solutions in electronic locks and/or access control systems.

References:

http://www.abloy.com/en/abloy/abloycom/products/access-control/

http://www.tux.org/pub/security/mk.pdf

Tutor: Tuomas Aura

 

22. Security and robustness of visible-light communication

Visible-light communication is used in some consumer goods because of its simplicity and perceived harmlessness to human health. The implementations typically use a light-emitting and light-sensitive LEDs. The visible-light communication channels can also be used as an offline channel for bootstrapping security associations. In both cases, there are medium-specific threats and design opportunities that can to be analyzed and exploited. The seminar paper can focus either on the robustness of visible-light communication under environmental factors or malicious interference, or on the security applications of visible-light offline channels. The student should implement an experimental system or perform security analysis based on ideas from the literature and, therefore, needs to be proficient in at least one of the following areas: embedded device programming (e.g. Arduino), mobile device programming, electronics design, or signal or image analysis with Matlab.

References:

http://www.disneyresearch.com/project/visible-light-communication/

http://visiblelightcomm.com/links/

Tutor: Tuomas Aura

 

Topics by Markku Antikainen

23. Denial-of-Service attacks and Software Defined Networking  

Software defined networking (SDN) and OpenFlow as one of its key technologies have received a lot of attention from the networking community. While SDN enables complex network applications and easier network management, the paradigm change comes along with new security threats. In particular, the introduction of the logically centralized controller may create new denial-of-service (DoS) vulnerabilities to the network. 

The goal of the seminar work is twofold. Firstly, the student is expected to survey the existing literature on DoS vulnerabilities that may be present in networks utilizing Openflow. Secondly, the student is encouraged to test some of the known DoS attacks in a emulated SDN-environment.

This topic requires basic understanding on computer networks and Python programming.

References: 

1. Openflow: A security analysis. NPSec 2013, Eighth Workshop on Secure Network Protocols. Available at http://www.tik.ee.ethz.ch/file/11a1fdc453fd9a0e2f789fcf582ed38f/Presentation-OpenFlow-A-Security-Analysis.pdf

2. Attacking software-defined networks: a first feasibility study. Proceedings of the Second ACM SIGCOMM Workshop on Hot Topics in Software Defined Networking. Available at http://dl.acm.org/citation.cfm?id=2491220


 

Topic by Kashif Khan

24. Energy-cost aware scheduling/load-balancing in scientific computing

Reducing energy consumption of computing infrastructure is one of the key issues in research lately. Energy used for computing infrastructure in scientific clusters and distributed computing systems is a key attributer in overall power consumption in this aspect. The motivation behind energy efficient computing is twofold - to reduce the overall consumption of the infrastructure and also to reduce the electricity cost associated with computing. In this research we aim to investigate the later case with CERN computing grid as a testbed. A few of the previous research has already investigated the effect of electricity-cost aware scheduling/routing of tasks based on real-time electricity prices from multiple regional markets. Qureshi et. al. present a very interesting aspect of reducing the cost of energy consumption. This research points out to the imperfectly correlated electricity prices of large geographical area and suggests that servers or computations can be transferred to those areas where electricity cost is minimal. Their results show that it is possible to lessen the energy consumption in such a way. We want to investigate the effect of the such with CERN computing grid which has 179 computing centers in 40 countries. The main goals are as follows:

  • To calculate overall energy consumption and cost associated CERN computing grid based on prior data.
  • To investigate the electricity price fluctuations of CERN computing centers which are geographically distributed. Initially we will try to gather the data from two-three regions.
  • To formulate routing/ scheduling/ load balancing mechanisms for HEP computation which reduces the overall cost of energy consumption. Papers that I mentioned are attached here.

References:

Tutor: Kashif Khan