This page lists some potential projects in the DEDIS lab that may be available next semester. Please first read the general guidelines for projects in the DEDIS lab, then use ONLY the following form to get in touch with us:
Get in touch:
>> Google Form Link <<
List of projects updated May 11th 2021.
Comprehensive Secure Messaging Benchmark
For a master student
Secure messaging protocols such as Signal (among others things deployed in WhatsApp) have become the predominant tools of communication for a vast majority of the population. Although the mainstream protocols are mostly Signal derivates, the cryptographic literature has spawned a slew of alternatives that tackle different corners of the security spectrum. The performance of such a protocol on user devices is a vital evaluation criterion for a potential real-world usage. A preliminary efficiency benchmark of a handful of protocols was presented in [1,2], which made it possible to gauge a high-level performance perspective, but lacked in terms of applicability as the code was specifically tailored to a rather artificial desktop environment.
In this project, we aim to elevate the existing benchmark to actual Android/iOS devices by implementing a preselected group of protocols. In a concurrent task, we are eager to find a sensible evaluation framework in order to obtain precise measurements.
This project is carried out in collaboration with the LASEC lab.
- Required: COM-401 Security and Cryptography, Very strong Android/Java skills, Experience with software benchmarking
- Recommended: COM-501 Advanced Cryptography, Swift/iOS skill
Contact: Simone Colombo
Analysis and implementation of efficient consensus algorithms
For 2-3 master students
Consensus is an abstraction in distributed computing, that is used to agree on a common value among multiple set of nodes. There exist a wide range of published work in the consensus literature, but none of them are not without their own limitations such as 1) problems in leader based consensus approaches, 2) complexity of consensus algorithms and the practical gap between the theory and implementation, 3) not power efficient, 4) difficulty in selecting the best algorithm for a given system model and etc.
To address these issues, in this project, we will do an analysis of existing consensus approaches such as Paxos and Raft, and do a performance analysis to identify their pros and cons. Then we will focus on different methods to improve the resilience of consensus algorithms and the systems based on replicated state machine abstraction. The successful completion of the project could result in a publication.
Contact: Pasindu Tennage
Anonymous Proof-of-Presence Groups for Messaging and Voting
For up to 10 semester and/or masters project students
Popular communication tools today use either require semi-strong but privacy-invasive identities such as phone numbers to achieve some level of accountability and Sybil attack protection (e.g., WhatsApp or Signal), while other tools use weak identities such as E-mail addresses or pseudonymous public keys (e.g., Bitcoin) but lose any fair, “person-centric” form of accountability or Sybil attack protection. The DEDIS lab is developing a new, human-centric “proof-of-personhood“ (PoP) solution to this problem leveraging physical presence at real-world events to provide privacy-preserving but accountable, Sybil-protected identities.
This project will prototype a minimalistic but highly robust and usable proof-of-presence group communication app for mobile devices. The app will enable anyone to organize an in-person event, and take a secure “roll-call” at that event to connect with attendees and give each a one-per-person digital membership token. With these tokens, attendees can text message each other privately within the ad-hoc group without needing any strong identities (phone numbers etc), but with the ability to block abusive or spamming members reliably to ensure accountability. In addition, attendees can call votes within the group, and obtain the assurance that only real people who were actually at the event will be able to vote, and that each real person will have exactly one vote.
Contact: Pierluca Borsò
Privacy-preserving PoP token
For 1–2 Master’s thesis/project students
Digital identity is a prerequisite for digital democracy and digital life as a whole. Current digital identity solutions present flaws in security, privacy and transparency. This leaves users vulnerable to a plethora of attacks. The goal of pseudonym parties is to marry the transparency of periodic physical-world events with the convenience of digital tokens between events, thereby addressing the vulnerabilities of current digital identity approaches. A pseudonym party is an in-person event that gives each attendee exactly one anonymous digital PoP token, which can then be used by the users to prove their identity. Currently, a PoP token is simply a cryptographic public key. This greatly limits the usage of PoP tokens, because a user is forced to always reveal her full identity and the identity disclosures can be easily linked together. Moreover, it is currently impossible to create multiple accounts related to a single PoP token.
The goal of this project is to design and implement privacy-preserving PoP tokens offering the possibility to create multiple accounts linked with a single token, enabling the user to use the token in a truly unlinkable manner. After a first theoretical phase, the students are expected to implement and evaluate a proof of concept of the newly designed token in Go.
Contact: Simone Colombo
Swiss Post E-Voting
For 1–3 cybersecurity master students
Swiss Post has long been a strong proponent of E-Voting, developing an E-Voting system to be utilized in Swiss elections that achieves universal and individual verifiability as well as privacy. As part of their commitment to transparency, Swiss Post releases their source code as well as documentation and conducts intrusion tests. During an intrusion test in 2019, researchers discovered an implementation issue that would have allowed an attacker to change the outcome of an election. Since then, Swiss Post has rectified the issue among others and has committed to further public transparency on their E-Voting system, providing a test environment to a select few while they are in development, including the DEDIS lab. In this project, you will then partake in reviewing their source code and documentation, looking for potential vulnerabilities (e.g., implementation issues).
We are looking for one to three candidates who have a background in cryptography (e.g, COM-401) and/or have experience in developing large projects, particularly in NodeJS and Java. Further information about the bug bounty program can be found in this link.
Contact: Lous-Henri Merino
Polypus – Visualization of a Distributed System
For 1–2 students (bachelor/master)
A lot of operations and events can take place in a distributed system: financial operations, database replications, consensus algorithms, etc… While powerful, such systems tend to be hard to understand and remain opaque to users. A distributed system works by sending and receiving messages between participant nodes, but this activity is most of the time hidden, and operations therefore happen “magically” from the user’s point of view.
This project aims at developing a tool that can provide a live, and replayable, visualization of a distributed system. The visualization consists of showing the messages sent and received between nodes, based on a modular, yet to be defined, API that can be implemented by various distributed systems. If successful, this tool will then be used as a research and educational tool.
Students should have a strong interest in front-end development (Typescript, HTML, CSS), providing tools with an actual end-result and real users, and an interest in distributed systems.
Keywords: front-end, blockchain, typescript, UX
Contact: Noémien Kocher