Past student projects in 2016

Proposed projects page (archives): Fall-2016

Fall semester

CISC Cothority Identity Skipchain SSH Interface

Andrea Caforio – Semester project



Identification has become a crucial part of the digital world, especially on the Internet, where authenticity is one of the most important safety measures. Nowadays it is hard to keep track of all the different passwords and public keys that we use to authenticate ourselves to different services. In the worst case, the same key is used for several services.

In order to solve this issue, keys must be regularly updated and rotated, which is cumbersome when multiple devices come into play and basically unattainable without the help of specialized software.

Web-Frontend for Cothority

Bastian Nanchen – Semester project



The Decentralized and Distributed Systems (DEDIS) team at EPFL is working on, among other things, a software project called Collective Authority (Cothority). Cothority is composed of multiple conodes, which are servers running protocols and services. It implements several applications, such as Collective Signing (CoSi), Cisc (a distributed key/value storage handled by a blockchain with an SSH plugin), Proof of Personhood (prove the existence of a human being), Guard (use distributed servers to hash passwords), and Status (returns the status of a conode).

Enhancing Debian Update Service

Gaspard Zoss – Semester project



Software updates are an essential element in securing any software running on devices ranging from small embedded devices to computer clusters. In this project, we will study how the security of the software update process in large projects can be improved and apply it to Debian APT.

When a new feature is added or a bug is fixed in one of the software packages available through the Debian package manager, the package's maintainer, often one of the project's developers, generates a binary by compiling the code, hashes it, and creates various scripts used to install, upgrade or remove the software. These scripts and the binary are then packed together and placed inside a repository, from which the end user may download the update. The repository itself is signed, usually using a single private cryptographic key, and the binaries are verified by using checksums. Additionally, the software can be made reproducible by the developers, allowing users to verify that the given binary was produced using the publicly available source code. But as of today, not all Debian packages are reproducible.