CSC 580: Cryptography and Security in Computing

A printable PDF is available.

Project Information and Possible Topics

The purpose of this handout is to give some information on project guidelines and deadlines, as well as list some possible project topics. Projects will generally be individual projects, but if an innovative and involved project is proposed, then with permission of the instructor a small team (2 or 3 people) may work on a project. Projects require a final written report on the chosen topic and people are encouraged to include at least some hands-on component. Here are the parts and milestones for the project:

Project Selection (Due Friday, November 9):
You should look over the potential project topics below, do some initial reading to see what you find interesting and what you can get sufficient material for. Keep in mind the topic criteria below. All I need on November 9 is a project topic/title, but if you want to give me more information about what you plan on investigating I will give you feedback on that.

Progress Report (Due Wednesday, November 28):
By the time of the progress report your project should be pretty well investigated, meaning you've collected and read all of the reference papers, and thought through what you're going to write about in your report. You should turn in a progress report that contains a basic introduction section to your project report (this should describe the topic you're studying at a high level and describe what you will be giving giving details on), as well as an outline of your report and a list of bibliographic references that you plan on using. For group project teams, also include a plan of who will perform what specific activities.

It is very important that you use an acceptable format for your references. All references must include the following: Authors, paper title, where it appeared, date (just the year is good enough), and page numbers. For journal papers, also include volume and issue number information. Here are two sample formatted references (one conference and one journal) -- please follow this format as closely as you can!

  • [[1]] J. Li, M. Sung, J. Xu, and L. Li. "Large-Scale IP Traceback in High-Speed Internet: Practical Techniques and Theoretical Foundation," Proceedings of the IEEE Symposium on Security and Privacy, pp. 115-129, 2004.
  • [[2]] L. Buttyan, J. Hubaux, and S. Capkun, "A Formal Model of Rational Exchange and Its Application to the Analysis of Syverson's Protocol," Journal of Computer Security, Vol. 12, No. 3/4, pp. 551-588, 2004.
The progress report is graded, and counts for 25% of your overall project grade. However, the most important part of the progress report is that I will review it and make comments and suggestions that I will give back to you on Friday, November 30. This is where I tell you if you are going in the right direction, and give suggestions for things you should include for a good final report.

Complete Project (Due Friday, December 14, at the final exam):
This is when the full report is due.

Topic/Depth Guidelines: This is intended to be a research oriented project, not a technology description. A topic which describes a product or system but without any significant underlying question is not appropriate. For instance, a report on IPsec isn't appropriate, but a report on how security protocols are analyzed using IPsec as an example would be good.

For any topic, multiple references should be used -- no project should depend on a single reference source. At least two references should be "respectable references" (peer-reviewed journal or conference papers -- not Joe Schmo's web page).

Keep in mind that this is a computer science class, and technical depth is important. Formulas, theorems, proofs, and analysis are certainly important and should be included as appropriate. Since this is a research topic, it's also important to think about (and write about) what questions are left unanswered by the current research that should be investigated ("open problems"). As for the length of the paper, something in the range of 10-15 pages (11 or 12 point font, single spaced) should be about the right.

Remember that the writing should be entirely your own -- it is not acceptable to copy text from a paper or the web. My general advice to people is this: Investigate and read as much about the topic as you can until you really understand it, taking some light notes. Then you should know the topic well enough to put aside all your references, and do the writing without looking at the original material. That ensures that the writing is coming from you and not the reference material.

Possible Topics

The following topics are simply suggestions. If you know of some other topic you'd like to investigate for your project, talk to me about it -- if it's of a sufficient level and appropriately relevant to the topics of this class, then I'll probably approve it. However, note that it should be research-oriented (in other words, it should be addressing a question, not summarizing a product or technology).

  • Authentication and federated identity protocols
  • Cryptographic hardware devices
  • Cryptographic techniques for digital rights management (DRM), such as digital watermarking, application in SDMI, etc.
  • Trends in modern cryptography research (provable security of protocols, etc.)
  • Practice-Oriented Provable Security
  • Provable security techniques (model checking, spi-calculus, etc.)
  • Electronic voting/election protocols (cryptographic techniques)
  • Security for mobile code and mobile agents
  • Privacy and anonymous publishing
  • Security protocols for peer-to-peer networks
  • Factoring and discrete logarithm algorithms (for the mathematically adventurous!)
  • Cryptanalysis
  • Cryptography for embedded devices or sensor networks
  • Contracting protocols (fair exchange, etc.)
  • Digital Cash
  • Alternative signature schemes (threshold signatures, undeniable signatures, group signatures, ...)

The following are some of the leading security conferences, and provide excellent material (there are, of course, other good quality conferences and journals, but these are the best place to start).