Student Projects

In this page you can find our offering for semester projects. Students who are interested to do a project are are encouraged to have a look at the Thesis & Project Guidelines from the MLO lab, where you fill gain understanding about what can be expected us and what we expect from students.

Available MSc, BSc and PhD Semester Projects

Last Update 8th November 2019

Project 1

Countermeasures against DoH fingerprinting

The Domain Name System (DNS) is a critical component of the Internet infrastructure. However, so far, DNS queries and responses have been sent in the clear, making them susceptible to eavesdropping and tampering. Protocols such as DNS-over-TLS (DoT) and DNS-over-HTTPS (DoH) aim to prevent this by encrypting the communication between the DNS client and the recursive resolver. Even if connections are encrypted, analysis of traffic features such as volume and timing can reveal information about their content.

SPRING lab has conducted an analysis of the susceptibility of DNS-over-HTTPS traffic to traffic analysis based monitoring and censoring. Our current system identifies websites visited by a user from their DoH traffic and achieves an F-score of 0.9 and 0.7 in closed and open worlds. We also investigated some countermeasures against DoH fingerprinting, such as EDNS0 padding, the use of ad-blockers, and DNS-over-Tor. The goal of this project is to develop and evaluate easy-to-implement, but effective, countermeasures against DoH fingerprinting.

Requirements

  • Programming skills in Python
  • Basic knowledge of networking
  • Some knowledge of Go and C is helpful (but not required)

Applying to this project

This semester project is aimed at one BSc/MSc student. For applying, please send your grades and CV to Sandra Siby.

Project 2

Counteracting deepfakes

Recent advances in deep learning-based style transfer enable the creation of realistic deepfakes: often believable fake images or videos. This is already used for disinformation, harassment campaigns targeted at journalists and activists in developing countries.

In this project we use the techniques from adversarial machine learning to create defenses against one popular open-source tool to create deepfakes. The students are expected to have familiarity with tensorflow and adversarial examples.

Requirements

  • Good knowledge of deep learning: backpropagation, stochastic gradient descent
  • Experience with implementing machine learning models
  • Familiarity with image adversarial examples
  • Knowledge of one of the existing machine learning frameworks: PyTorch, TensorFlow, Keras; cleverhans

Applying to this project

This semester project is aimed at one MSc/PhD student. For applying please send your grades and CV to Bogdan Kulynych.

Project 3

Adversarial machine learning for privacy

Machine learning techniques have become widely used in privacy-invasive applications, like website traffic fingerprinting, facilitation of video and audio surveillance, inference of private attributes from seemingly non-sensitive information (e.g., Cambridge Analytica case).

In this project we investigate the potential of exploiting inherent deficiencies in machine learning models to protect private information. The students will use techniques from adversarial machine learning to interfere with operation of image recognition models, or text classifiers.

Requirements

  • Good knowledge of deep learning: backpropagation, stochastic gradient descent
  • Experience with implementing machine learning models
  • Familiarity with adversarial examples is welcome
  • Knowledge of one of the existing machine learning frameworks: PyTorch, TensorFlow, Keras; cleverhans

Applying to this project

This semester project is aimed at one BSc/MSc/PhD student. For applying please send your grades and CV to Bogdan Kulynych and Giovanni Cherubin.

Project 4

Canary in a coal mine: Detecting inference attacks on aggregate data

Privacy-preserving data analysis describes the problem of allowing a human analyst to gain statistical insights from sensitive data while preventing invalid disclosures about data records that would violate individual privacy.

A common approach to private data analysis is to give the analyst access to sensitive information through a controlled interface which allows a limited set of aggregate queries, such as SQL-style count, sum or average queries, but prevents access to raw, row-level data. Dynamic interfaces allow an analyst to submit one query at a time while so-called static query interfaces require the analyst to specify the full list of aggregate computations that need to be carried out on the data upfront.

While the latter approach reduces the risk of invalid disclosures, it remains unclear how to test and assert that statistical disclosure control measures, such as query suppression or perturbation, have been effective in protecting individual privacy. Intruder testing, similar to PEN tests carried out to assess a system’s security, has been suggested as a potential solution to this practical problem.

The goal of this project is to develop and implement a suite of privacy attacks that can be launched on a set of pre-defined aggregate computation results to assess privacy leakage. The focus will be on inference attacks that aim to reconstruct sensitive information about individual data records leveraging Machine Learning techniques and limited background knowledge. One challenge will be to develop new privacy attacks under a given framework and with strict scalability and runtime performance requirements.

Requirements

  • Good programming skills in Python
  • Experience with implementing machine learning models
  • Basic knowledge of matrix factorisation techniques would be desirable

Applying to this project

This semester project is aimed at one BSc/MSc student. To apply please send your grades and CV to Theresa Stadler.

Project 5

Fighting traffic correlation on the Tor network

The anonymous communication network Tor [1] has been designed to support internet browsing at a low bandwidth overhead. However, this design choice comes at a price: Tor is vulnerable to end-to-end traffic correlation. Tor assumes that doing an end-to-end correlation attack is difficult, because it is costly to observe both traffic going into the Tor network and traffic coming out of it. However, that is not always true, for example when communicating parties reside within the same country or network. This occurs quite often. In messaging and electronic voting, both parties are typically in the same country or on the same network.

However, messaging and electronic voting, do not require high throughput. By focussing on these specific scenarios, we can design anti traffic-correlation techniques that have low bandwidth overhead. In this project we will investigate one potential technique that sends constant rate cover traffic to/from the Tor network. This cover traffic then hides the real communication patterns.

This project has two aspects: (1) design a cover traffic mechanism that has low overhead, yet is difficult to circumvent for attackers; and (2) extend the Tor software to implement this mechanism.

References

[1] Roger Dingledine, Nick Mathewson, Paul F. Syverson: Tor: The Second-Generation Onion Router. USENIX Security Symposium 2004: 303-320, https://svn.torproject.org/svn/projects/design-paper/tor-design.pdf

Requirements

  • Good software engineering skills (C essential)
  • Some experience with networks is a plus
  • Not scared of a large existing code base with imperfect documentation.

Applying to this project

This semester project is aimed at one BSc/MSc student. To apply please send your grades and CV to Wouter Lueks.

Project 6

Making CryptPad secure and private

CryptPad is a collaborative editing platform that is very secure: not even the servers that host CryptPad can see what users write. Documents are always encrypted before being sent to the server, and the server never has access to the encryption key.

However, the CryptPad servers do observe metadata. Whenever a user, say Alice, views or changes a document, her browser sends requests to the CryptPad server. As a result, that server learns which document is being viewed/changed from which IP address (despite the document and the changes themselves being invisible).

Recently, the SPRING lab has developed Lightnion, a Javascript library for enabling anonymous web requests from normal browsers. In this project you will integrate Lightnion into CryptPad to ensure that the CryptPad servers can no longer see who is accessing the documents. Moreover, we will analyze which risks remain.

Requirements

  • Programming skills in Javascript and Python
  • Basic knowledge of networking

Applying to this project

This semester project is aimed at one BSc/MSc student. For applying please send your grades and CV to Wouter Lueks.

Project 7

Building secure systems for journalists

Investigative journalism is essential for modern democratic societies to function well. Their investigations can highlight corporate misbehavior, corruption, crime, and societal injustice. However, globalization makes their investigations more difficult: journalists now need to collaborate more frequently, often with colleagues in other countries. How do they know who to collaborate with?

The SPRING lab has been working with journalists to build secure tools and systems that can help them in their investigations. In one project we are building a system for securely searching documents held by other journalists, enabling journalists to find possibilities to collaborate. In another, we are building a system to enable secure referencing and archiving of published articles.

In these projects, we combine applied cryptography, systems engineering, anonymous communication and threat modeling to build systems for journalists that are simultaneously secure, useable and efficient enough to be of actual use.

Requirements

  • Good programming skills in for example Python
  • Basic knowledge of applied cryptography
  • Basic knowledge of threat modeling

Applying to this project

This project (semester or thesis) is aimed at one master student. If this type of project sounds like it matches your skill-set and interests, please send your grades and CV to Wouter Lueks.

Project 8

Large-scale Website Fingerprinting

Website Fingerprinting (WF) attacks allow an adversary to discover what web pages a victim is browsing, by only looking at the encrypted network traffic she produces.

In this project, the student will develop a system for collecting network data from a Tor node in a private way, and for performing WF attacks on the observed traffic.

Requirements

  • Excellent software engineering skills, fluency in Python
  • Experience with Machine Learning tools and libraries
  • Basic understanding of traffic analysis attacks

Applying to this project

This semester project is aimed at one MSc/PhD student. To apply please send your grades and CV to Giovanni Cherubin and Bogdan Kulynych.

Project 9

Conformal Prediction for Security

Conformal Prediction (CP) is a set of Machine Learning methods that allow wrapping standard Machine Learning models to produce predictions that have a guarantee on the errors they commit. More specifically, they output a set of possible predictions, which contain the correct prediction with a chosen probability. They have numerous applications in fields where a strong notion of confidence is needed (e.g., drug development, nuclear fusion centers).

The student will learn about CP, and explore its application to security and privacy contexts, such as traffic analysis and inference attacks. Depending on the student’s preference, this project can evolve into either a more practical or a more theoretical project.

Requirements

  • Good knowledge of common Machine Learning methods
  • Basic knowledge of statistics and probability theory
  • Good programming skills: Python (required), Rust (optional)
  • (Desirable) Basic understanding of Machine Learning -based attacks (e.g., traffic analysis or membership inference).

Applying to this project

This semester project is aimed at one MSc/PhD student. To apply please send your grades and CV to Giovanni Cherubin.

Project 10

Conformal Prediction library

Conformal Prediction (CP) is a set of Machine Learning methods that allow wrapping standard Machine Learning models to produce predictions that have a guarantee on the errors they commit. More specifically, they output a set of possible predictions, which contain the correct prediction with a chosen probability. They have numerous applications in fields where a strong notion of confidence is needed (e.g., drug development, nuclear fusion centers).

The goal of this project will be to learn about CP, and to improve an existing CP library, random-world [1], and extend it to the most recent CP techniques. The library is written in Rust.

[1] https://github.com/gchers/random-world

Requirements

  • Strong software development skills
  • Experience with Rust (preferable), or similar languages
  • Basic knowledge of Machine Learning methods

Applying to this project

This semester project is aimed at one MSc student. MSc students can choose this project as either a Master Thesis or a semester project. For applying, please send your grades and CV to Giovanni Cherubin.

Project 11

Efficiently updatable accumulators

Proving membership in a group is a fundamental building block for privacy. For example, when a user wants to perform an action anonymously while retaining his authority, he may choose a group of eligible people and hide among them. This can be in the form of “I’m one of the authorized users”, which is the basis for ring signatures. 

Another example is black-listable anonymous credentials (BLAC). An inherent problem in anonymity is accountability, which means it is hard to ban anonymous users. BLAC is a solution to this problem that blacklists misbehaving users. The BLAC scheme is based on users anonymously proving that “I’m not in the blacklist”. 

In ring signatures, BLAC, and many other schemes, proving membership and non-membership becomes crucial. If users need to compare themselves with all members of the group, then membership proof will have a size linear to the number of users. 

Accumulators are a cryptographic primitive which enables short proofs of membership and non-membership.  Schemes like BLAC and ring signature use accumulators to reduce their communication costs. 

Many accumulators have a manager who can efficiently add or remove users to the group. After each update, all user needs to update their membership proof accordingly. Each update can be fast, but if the manager applies thousands of updates when a user is offline, then the user needs to perform a considerable computation next time that he comes online.

This project aims to build an efficient update procedure, which reduces the accumulator’s update cost on the users’ side. We envision two approaches to solving this problem: A systemic approach to outsource users cost to the manager. A cryptographic approach to improve the update procedure.

Requirements

  • Good programming skills in for example Python
  • Good knowledge of applied cryptography

Applying to this project

This semester project is aimed at one master student.  For applying, please send your grades and CV to Kasra EdalatNejad.