home

SNE Master Research Projects 2015 - 2016

http://uva.nl/
2004-2005 2005-2006 2006-2007 2007-2008 2008-2009 2009-2010 2010-2011 2011-2012 2012-2013 2013-2014 2014-2015 2014-2015 2015-2016 2016-2017 2017-2018
Contact TimeLine Projects LeftOver Projects Presentations-rp1 Presentations-rp2 Objective Process Tips Project Proposal

Contact

Cees de Laat
room: C.3.152
And the OS3 staff.
Course Codes:


Research Project 1 MSNRP1-6 53841REP6Y
Networking Research Project 2 MSN2NRP6 53842NRP6Y
Security Research Project 2 MSN2FRP6 53842SRP6Y

TimeLine

RP1 (January):
  • Wednesday Sep 16 2015, 10h00: Introduction to the Research Projects.
  • Nov 11, 2015, 13h00-16h00: Detailed discussion on chosen subjects for RP1.
  • Monday Jan 4th - Friday Jan 29th 2016: Research Project 1.
  • Friday Jan 8th: (updated) research plan due.
  • Monday afternoon Feb 1th 2016 12h40-17h00: Presentations RP1 in B1.23 (OS3 lab) at SP 904.
  • Tuesday Feb 2th 2016 9h35 - 16h35: Presentations RP1 in B1.23 (OS3 lab) at Science Park.
  • Sunday Feb 7th 24h00: RP1 - reports due
RP2 (June):
  • Wednesday May 11, 2016, 9h30-12h00, B1.23 Detailed discussion on chosen subjects for RP2.
  • Monday May 30th - Jun 24 2016: Research Project 2.
  • Friday Jun 3th: (updated) research plan due.
  • Wednesday Jun 29 2016, 9h00-17h00: presentations in C0.110 @ SP904.
  • Thursday Jun 30 2016, 9h00-17h00: presentations in C0.110 @ SP904.
  • July 4th 09h00 2016: RP2 - reports due.

Projects

Here is a list of student projects. Find here the left over projects this year: LeftOvers.
In a futile attempt to prevent spam "@" is replaced by "=>" in the table.
Color of cell background:
Project available Presentation received. Confidentiality was requested.
Currently chosen project. Report received. Blocked, not available.
Project plan received. Completed project. Report but no presentation
Outside normal rp timeframe

wordle-s.png


# title
summary
supervisor contact

students
R

P
1
/
2
4

Portable RFID Bumping Device.

In regards to physical social engineering there are two main ways of gaining entry to targeted premises either via tail-gating, that is to follow a valid employee/visitor right behind them as they’ve opened a door or via lock picking, which implies the use of specialised tools to pick physical locks.
As more organisations are replacing traditional entry systems with RFID card controlled entry points and even turnstiles, the use of tail-gaiting and lockpicking is becoming increasingly more difficult, especially when coupled with increased security awareness of employees and security staff. It has long been discussed the ability to read a target’s RFID access card and use that information to replicate it onto a different card of similar make, thus effectively cloning it. Although possible on many occasions this is a multiple step process which requires both time and materials.

There are primarily two different types of cards; cards which support security keys and cards which don’t. Many HID cards or MIFARE Ultralight cards (such as the ones used in disposable OV-chipkaart tickets) do not support a security handshake or encryption, unlike Anonymous/Personal OV-chipkaart tickets that use the MIFARE Classic 4K chips which use security keys. It is woth noting that MIFARE Classic chips have also been cracked (http://www.ru.nl/ds/research/rfid/) but these more elaborate systems require offline analysis. Most organisations with recent RFID implementations on their premises also use MIFARE Classic chips.

System have been designed since mid-2000 (http://www.wired.com/wired/archive/14.05/rfid.html) for “bump” cloning basic/non-encrypted RFID cards but no serious research has been made into designing a portable solution that can on-the-spot 1) clone multiple technologies and 2) clone RFID cards that support security keys. – Such a platform could also be potentially programmed to also read and clone other NFC protocols such as ones used in mobile phones and debit/credit cards and could warrant further research.
Ari Davies <ADavies=>deloitte.nl>

Romke van Dijk <romke.vandijk=>os3.nl>
Loek Sangers <Loek.Sangers=>os3.nl>
R

P
1
13

Designing an open source DMARC aggregation tool.

Email is one of the oldest internet technologies in place, and in bad need of some updates. DMARC is a new approach where a domain owner can make policies about his or her domain visible to recipients. This allows a domain owner to advertise that mail can safely be discarded under certain conditions (such as when DKIM and SPF are not in place). Given that the majority of spam and phishing involves sender address spoofing, this approach can have a very real impact on both spam and security.

DMARC also defines a feedback mechanism from recipients back to domain owners. That means you get an actual copy of the mail sent by the attacker, with a detailed machine processable report that will allow you to investigate what happened. The owner of a domain may get reports from many different sources, depending on the various domains emails are sent to. Of course this moves part of the work load of handling spoofed mail from the original recipient (who no longer sees the mail) to the faked sender that gets alerted.

Each mail triggers a separate report, and given that the volume may be at typical spam levels it is hard to get an adequate overview from a large amount of spoofing incidents. Currently, there is a limited set of commercial tools that offer some insight but is not yet an established standard nor are there good open source tools - which makes users depend on commercial providers (often in another jurisdiction) to parse significant volumes of DMARC data for them. Since this involves sharing data and there might also be valid email that ends up there erroneously (because of configuration error) this is not ideal from a security and confidentiality point of view. In this project you will investigate how to best handle the flows of DMARC data, and design an open source prototype aggregation tool that can freely be used by domain name owners to protect themselves.
Michiel Leenaars <michiel=>nlnet.nl>
Yadvir Singh <Yadvir.Singh=>os3.nl>
R

P
2
18

UsnJrnl Parsing for File System History.

In modern Windows versions, the NTFS filesystem keeps a log (the UsnJrnl file) of all operations that take place on files and folders. This journal is not often included in forensic investigations, and even if it is, parsing and interpreting can be tedious and labour-intensive work. In this project, you are asked to research the type of information that is stored in the UsnJrnl that can be of value for forensic investigations, and create a (PoC) tool that parses out this information in a useable format. Examples of activity that you could identify in the UsnJrnl are filename changes (what were previous filenames of a file?), timestamp modifications (compare to MFT entries and find anomalies), read/write operations (research is still required for a better understanding of relevant traces), etc.
Kevin Jonkers <jonkers=>fox-it.com>

Frank Uitewaal <fuijtewaal=>os3.nl>
Jeroen van Prooijen <jeroen.vanprooijen=>os3.nl>
R

P
1
20

Design Exploration of Transparency Enhancing Technology for Government.

SUMMARY
Perform a design exploration of transparency enhancing technology, which consists of comparing advantages and disadvantages of a couple different levels of distribution and encryption key management systems that offers the right balance between transparency, privacy and security. The (theoretical) technical solutions suggested in the report should outline practical solutions to the Dutch government aim to allow citizens easy online access to all their digital data as described amongst others in "Visiebrief Digitale Overheid 2017" and "Overheidsbrede Dienstverlening 2020", and is being worked on in practice by the Manifestgroep. The proper balance between transparency and privacy of all data the government gathers about citizens is still a (technologically) unresolved question towards which this research project will contribute part of a solution.

The key research questions posed is: "How could transparency enhancing technology be designed for use by the government without negatively impacting citizen privacy (for example by allowing any single party access to all data on a citizen)?"

REQUIREMENTS FOCUS ON
  • Auditable (log everything as part of the design)
  • Authorization (grant/revoke access only to those while they need it)
  • Authentication (credentials are inherently checked)
  • Decentralized (less central control, and allow the network to grow)
  • Empowering individuals (individual has the final say who can use their data)
  • Encryption (future proof with strong encryption, allowing flexibility)
  • Indexed (searchable without leaking data about the population)
  • Privacy protecting (the system should foster privacy by design)
  • Public/Private keys (with the ability to use hardware tokens)
  • Scalable (to at least the size of a country, in the PiB range)
  • Transparent (a user has complete insight in his/her data stored)
  • User-centric (the user has control over which data is stored where and who can access it)
SPECIFIC DESIGN THOUGHTS
  • OS3 (Open Standards, Open Software, Open Security) design that should be tailored to local needs, but flexible to be used for other purposes.
  • Distributing both the access keys and the data seems the best way to create a fully transparent system without sacrificing privacy or security.
  • Authorization should be given by the user. This can be to a (sub)organization. This signed authorization should have an expiration date (with system wide maximum time enforced by the servers).
  • Encryption keys are made available to users by encrypting them with their public key, more than one person can have access to the same encryption keys.
  • Data can safely be stored on any cloud storage platform since it is strongly encrypted. The system should however be agnostic to the type of storage to allow political decision to be made to move the data. The system should be easily extendable to allow storage of data on alternate platforms.
  • Access logs should processed in a timely fashion and stored in historical records in the tree with the relevant data. When this part of the tree is removed the access logs are removed as well preventing (partial) reconstruction of deleted data from access logs.
  • All queries to central servers are signed (some twice for queries 'on behalf of') and must contain a token to prevent replay attacks.
  • Any smartcard capable of X.509 should be able to be used, as long as the CS is on a trusted list. This can be 'PKI overheid', or the future 'Identiteitsbewijs' with this capability.
  • Data is segmented in the data structure which is a NoSQL database containing metadata for the entire tree, and the encrypted blob storage which is used to store vast quantities of data.
  • The content of the distributed database should be semi-public, and the encrypted blob storage should be fully public without compromising the security of the system. As long as keys are kept private the system functions as designed.
  • Tree has list of 'servers', 'organizations', 'persons', 'keys', 'templates'. All data structures are stored in this tree, which has an ACL on each folder. Small metadata can be stored directly in this tree, but all large files are pointers to the encrypted blobs. The min/max size is determined system wide.
  • While it is impossible to prevent government agencies from aggregating all citizen data into their own centralized database (for the purpose of monitoring citizens) this system should be designed to make it very hard to use for that purpose.
  • The system should be practical to use both for the users as well as the government agencies that need to aggregate data into it. By offering a design for a practical solution that provides transparency without a large cost in privacy and/or security
Guido van 't Noordende <g.j.vantNoordende=>uva.nl>

Mathijs Houtenbos <mathijs.houtenbos=>os3.nl>
R

P
2
21

Adding An Unusual Transport To The Serval Project.

Recent discussions on the guardian-dev mailing list have revealed the possibility of using bluetooth device names and Wi-Fi direct directory lists as low-bandwidth ad-hoc communications channels between nearby smart-phones. The key advantages of these channels is that they require no user intervention, such as peering or association. Adding such transports to the Serval Project will provide further options for people in disasters or facing oppression to communicate effectively and securely.

This is a sub-project from the Serval project http://servalproject.org, http://developer.servalproject.org/wiki.
For the rest see #25 below.
Paul Gardner-Stephen <paul.gardner-stephen=>flinders.edu.au>

Alexandros Tsiridis <Alexandros.Tsiridis=>os3.nl>
Joseph Hill <Joseph.Hill=>os3.nl>
R

P
2
22

Recursive InterNetwork Architecture; An Assessment of the IRATI Implementation.

As this is a broad research topic one or two groups of students can work on this and focus on specific details or issues. This is group 1.

RINA[1], Recursive InterNet Architecture is a novel architecture for computer networking that doesn't suffer from many of the shortcomings we experience using TCP/IP and the current Internet stack.
  • "It is a new architecture that builds on the fundamental principle that networking is Inter-Process Communication (IPC) and only IPC."
  • "RINA views the network as a collection of networks of processes, rather than a network of "boxes"€."
John Day gave a nice overview of RINA at TNC2015[2].

We would like someone to investigate this new approach and to see if it's possible to build a small testbed from the implementations that currently exists and report back on the issues they encounter while doing this. There are several prototypes/open source implementations to work with and test this new architecture.

[1] http://www.future-internet.eu/fileadmin/documents/fiarch23may2011/06-Grasa_DesignPrinciplesOTheRecursiveInterNetworkArchitecture.pdf
[2] http://geant.23video.com/tnc15-1a-opening-plenary?start=2105
Marijke Kaat <Marijke.Kaat=>surfnet.nl>
Ralph Koning <R.Koning=>uva.nl>

Jeroen van Leur <Jeroen.vanLeur=>os3.nl>
jeroen.klomp <jeroen.klomp=>os3.nl>
R

P
1
23

Taking a closer look at IRATI.

As this is a broad research topic one or two groups of students can work on this and focus on specific details or issues. This is group 2.

RINA[1], Recursive InterNet Architecture is a novel architecture for computer networking that doesn't suffer from many of the shortcomings we experience using TCP/IP and the current Internet stack.
  • "It is a new architecture that builds on the fundamental principle that networking is Inter-Process Communication (IPC) and only IPC."
  • "RINA views the network as a collection of networks of processes, rather than a network of "boxes"€."
John Day gave a nice overview of RINA at TNC2015[2].

We would like someone to investigate this new approach and to see if it's possible to build a small testbed from the implementations that currently exists and report back on the issues they encounter while doing this. There are several prototypes/open source implementations to work with and test this new architecture.

[1] http://www.future-internet.eu/fileadmin/documents/fiarch23may2011/06-Grasa_DesignPrinciplesOTheRecursiveInterNetworkArchitecture.pdf
[2] http://geant.23video.com/tnc15-1a-opening-plenary?start=2105
Marijke Kaat <Marijke.Kaat=>surfnet.nl>
Ralph Koning <R.Koning=>uva.nl>

Koen Veelenturf <koen.veelenturf=>os3.nl>
R

P
2
24

Machine Detectable Network Behavioural Commonalities for Exploits and Malware.

Research if there are any machine detectable (i.e. fingerprints) network behavioral commonalities for exploits and malware generated by Armitage (as provided by Kali Linux).

Goal:
  • To determine whether the automated generation of malware by Armitage (http://www.fastandeasyhacking.com/) produces code that has predictable network behavior (rhythm of packets, size of packets, sequence of ports, payload sizes etc.) when used by inexperienced hackers.
Approach:
  • Set up a secure 'victim' environment (roll-back after each trial).
  • Create an incremental feature plan to create malware using Armitage.
  • When using more and more 'evasion' techniques, see if there are subtle or not-so-subtle fingerprints.
Result:
  • Knowledge that may help implementation of a broad-spectrum detector for basic malware 'created' by hobbyists (i.e. anklebiters).
  • Alternatively, the result may be that Armitage in it's current form is enough to create malware that can evade detection.
Explanation:
  • A major part of ad-hoc created malware is generated using Armitage. It is possible to generate a new virus / trojan within a very limited amount of time, this virus is hardly detectable by AV software. If there exist an option to detect Armitage generated malware by using its network behavior characteristics, then malware detection solutions will make a major step forward.
Adrianus Warmenhoven <adrianus.warmenhoven=>redsocks.nl>

Alexandros Stavroulakis <astavroulakis=>os3.nl>
R

P
2
26

On the feasibility of converting AMS-IX to an Industrial-Scale Software Defined Internet Exchange Point.

A Software Defined Internet Exchange (SDX) is an IXP consisting of a programmable SDN fabric, coupled with a BGP route server and an SDN controller. The SDX controller provides each participant AS with the abstraction of a dedicated switch that it can program using match-action policies to control traffic flows. Participants may express SDN policies on both their inbound and out- bound traffic, thus allowing for more granular policy definitions compared to solely using BGP for traffic engineering. Examples of potential use cases for this technology are application specific peering, load balancing over the IXP or upstream DDoS prevention.

Recent developments on an 'Industrial Scale' SDX controller (iSDX) have potentially made implementing a scalable SDX environment feasible. This project aims to evaluate the practical scalability of such an environment on the Brocade MLX platform of the AMS-IX.
Joris Claassen <joris.claassen=>ams-ix.net>
Arien Vijnn <arien=>ams-ix.net>

Siem Hermans <siem.hermans=>os3.nl>
Jeroen Schutrup <jeroen.schutrup=>os3.nl>
R
P
2
29

Misusing Open Services on the Internet.

Many one-off servers on the internet are badly configured to allow unauthenticated or default access to their services. Services like MongoDB, Memcached, and others (used to) come with no or default authentication out of the box, and are often inadvertently exposed to the entire internet. While the majority of these servers are hopefully forgotten and not business-critical, nor easy to exploit further than possessing an open service, it might otherwise be possible to use these services for other malicious purposes.
This research topic is about how open services can be maliciously used as a command & control facility for botnets. The impact of this research would be to show/publish another method that can be used by cyber criminals, and show the consequences of lacking security awareness and lacking good citizenship on the web.
Rick van Galen <vanGalen.Rick=>kpmg.nl>
Ben de Graaff <ben.degraaff=>os3.nl>
Jelte Fennema <jelte.fennema=>os3.nl>
R

P
1
30

Subverting Android 6.0 fingerprint authentication.

The main goal of this project is to assess the robustness of the Android 6.0 fingerprint verification chain. Mechanics behind the verification chain consists of several hardware and software layers. The research will solely focus on the software components:
  • FingerprintService singleton
  • Daemon process (fingerprintd)
  • Hardware Abstraction Layer (HAL) library

Without having mapped all possible input channels, some potential attack vectors have already been identified:
  • Replacing the fingerprint daemon with one that always provides positive answers to verification attempts
  • Attempt to modify behaviour of the FingerprintService using Java reflection techniques
Rick van Galen <vanGalen.Rick=>kpmg.nl>
Thom Does <Thom.Does=>os3.nl>
Mike Maarse <Mike.Maarse=>os3.nl>
R

P
1
31

Exfiltrating Data from Managed Profiles in Android for Work.

Android for Work is a native implementation of segregation of (amongst others) data on Android devices. The technology is based on native Linux user segregation and was developed in part by Samsung, as part of their Knox solution. Android for Work may be Android's killer move for business/enterprise users, as it addresses various major security concerns.
This research focuses on Android for Work's security features. Points of interest include: data segregation, protection of data at rest (encryption), local key management, AfW API's for Mobile Device Management solutions, etcetera.
Paul van Iterson  <vanIterson.Paul=>kpmg.nl>
Tom Curran <Tom.Curran=>os3.nl>
Ruben de Vries <Ruben.deVries=>os3.nl>
R

P
1
33

Power Efficiency of Hypervisor and Container-based Virtualization.

In the project 'Greening the Cloud', led by the HvA, we are interested in the performance of different Hypervisors with respect to greennnes. Hypervisors segment the physical machines into multiple virtual machines and considering their performance greennnes is mostly not taken into account. For equal benchmark/use
cases we will compare three hypervisors, two open source hypervisors, KVM and XEN, and another hypervisor from VMware. Performance issues with respect to green aspects must be defined for hypervisors and be suited to incorporate in a checklist. This checklist will be part of a larger framework to be developed by the collaboration aimed to green labeling of clouds. The comparison should be a fair comparison, i.e. the comparison should also take network functionality and storage functionality into account. About non-green performance aspects of hypervisors already studies are available, and part of the work will be a literature study.

This work will be conducted in close collaboration with two of the project participant, both cloud providers, Schuberg Philis and Greenhost.
Arie Taal <A.Taal=>uva.nl>
Paola Grosso <p.grosso=>uva.nl>

Jeroen van Kessel <jkessel=>os3.nl>
R

P
2
34

De APT-catcher.

Organisaties treffen allerhande maatregelen om inbrekers buiten hun infrastructuur te houden. Toch is niet ondenkbaar dat hackers binnendringen en ongemerkt lange tijd een 'Advanced Persistent Thread' (APT) vormen binnen het netwerk. Deze opdracht bestaat eruit om een soort digitale 'vliegenvanger' te bouwen. Een simpele honeypot op een eenvoudig stukje hardware. Deze "APT-catcher" luistert alleen maar passief. Zodra hij 'geraakt' wordt, bijvoorbeeld door middel van een portscan of pingsweep die de hacker uitvoert op het betreffende netwerksegment, gaan er alarmbellen af. Dat kan bijvoorbeeld een e-mail zijn, of een SNMP-trap. We denken aan een simpel kastje, zoals een Gli-NET, met OpenWRT. De honeypot kan iets zoals PSAD zijn. De opdracht bestaat eruit om een soepel, werkend geheel te bouwen, die simpel ingeplugd en geconfigureerd kan worden, weinig/geen false-positives genereert en niet ongemerkt stopt met werken.

"Marco Davids (SIDN)" <marco.davids=>sidn.nl>
Cristian Hesselman <cristian.hesselman=>sidn.nl>

Guido Kroon <guido.kroon=>os3.nl>
R

P
2
38

Namecoin as alternative to the Domain Name System.

This project involves the analysis of alternatives to the Domain Name System (DNS), which has been the internet's de facto naming system since 1983. Given its age, it is pertinent to ask how sustainable the DNS is and what the protocol's future is. What is the potential of possible alternatives such as NameCoin? Are any of them viable options? Can they match the robustness of the DNS?

https://www.sidn.nl/a/about-sidn/research-into-new-naming-and-identification-systems-on-the-internet?language_id=2

"Marco Davids" <marco.davids=>sidn.nl>
Cristian Hesselman <cristian.hesselman=>sidn.nl>

Xander Lammertink <xander.lammertink=>os3.nl>
R

P
2
39

Performance measurement and tuning of remote acquisition.

In previous research a remote acquisition and storage solution was designed and built that allowed sparse acquisition of disks over a VPN using iSCSI. The performance of this solution (and any solution that does random IO) depends on the tuning of the IO. The student is asked to come up with strategies that find a reasonable optimum between sequential io (full copy) and random io (sparse possibly incomplete logical copy) and give advice on when to choose which method.
Ruud Schramp <schramp=>holmes.nl>
Zeno Geradts <zeno=>holmes.nl>
Erwin van Eijk <eijk=>holmes.nl>

Lukasz.Makowski <Lukasz.Makowski=>os3.nl>

R

P
1
41

Comparison of parallel and distributed implementation of the MST algorithm.

There are many graph algorithms that are tuned and modified to work on modern architectures. In the same time, lots of effort is put into implementing large scale systems for graph processing over clusters and clouds.

In this project, we aim to compare the differences between the algorithms and their performance when running on single-node architectures and tunning on distributed systems. Specifically, by selecting different types of graphs, we want to analyze the cases where single-node platforms outperform multiple-node ones (i.e., clusters). The basic implementations for different systems will be provided.

The following deliverables are requested from the student:
  1. a selection of 1-3 algorithms chosen for performance analysis.
  2. a comparative description of the algorithms and their implementation details for different platforms.
  3. a description of the selected datasets (at least 10) and their features.
  4. a detailed performance report covering all the platforms and graphs, with a focus on comparative analysis.
Ana Varbanescu <a.l.varbanescu=>uva.nl>

Alexis Sireta <Alexis.Sireta=>os3.nl>
R

P
1
43

Development of a new policy evaluation procedure for XACML.

Definition : eXtensible Access Control Markup Language (XACML) has become the de facto standard for the policy specification access control policies on various platforms including the Web. XACML does not only provide a language to specify policies, but also an architecture for the enforcement of policies. In this thesis, we will develop an efficient policy evaluation procedure that is applied by the policy decision point (PDP) component of the architecture. The state-of-the-art on this research work is represented by XEngine [1] which employs decision diagrams to produce access decisions. The problem with this approach is it is memory hungry and may not scale in certain scenarios where memory is limited.
The thesis will start with the analysis of decision diagrams that will identify their strengths and weaknesses. For instance, we should be able to answer the question at the end :
  • For which kind of problems, canonical representation such as the one of decision diagrams, are good?
References:
[1] Alex X. Liu, Fei Chen, JeeHyun Hwang, Tao Xie, "Designing Fast and Scalable XACML Policy Evaluation Engines". IEEE Trans. Computers 60(12): 1802-1817 (2011)
[2] Santiago Pina Ros, Mario Lischka, Felix Gomez Marmol, "Graph-based XACML evaluation" SACMAT 2012: 83-92
Fatih Turkmen <F.Turkmen=>uva.nl>

Jorian van Oostenbrugge <jorian.vanoostenbrugge=>os3.nl>
R

P
1
47

Automated capability analysis in WordPress plugins.

Background information.

Data drives business, and maybe even the world. Businesses that make it their business to gather data are often aggregators of client­side generated data. Client­side generated data, however, is inherently untrustworthy. Malicious users can construct their data to exploit careless, or naive, programming and use this malicious, untrusted data to steal information or even take over systems.
It is no surprise that large companies such as Google, Facebook and Yahoo spend considerable resources in securing their own systems against would­be attackers. Generally, many methods have been developed to make untrusted data cross the trust­boundary to trusted data, and effectively make malicious data harmless. However, securing your systems against malicious data often requires expertise beyond what even skilled programmers might reasonably possess.

Problem description.

Ideally, tools that analyze code for vulnerabilities would be used to detect common security issues. Such tools, or static code analyzers, exist, but are either out­dated (http://rips­scanner.sourceforge.net/) or part of very expensive commercial packages (https://www.checkmarx.com/ and http://armorize.com/). Next to the need for an open­source alternative to the previously mentioned tools, we also need to look at increasing our scope. Rather than focusing on a single codebase, the tool would ideally be able to scan many remote, large­scale repositories and report the findings back in an easily accessible way.
An interesting target for this research would be very popular, open­source (at this stage) Content Management Systems (CMSs), and specifically plug­ins created for these CMSs. CMS cores are held to a very high coding standard and are often relatively secure. Plug­ins, however, are necessarily less so, but are generally as popular as the CMSs they’re created for. This is problematic, because an insecure plug­in is as dangerous as an insecure CMS. Experienced programmers and security experts generally audit the most popular plug­ins, but this is: a) very time­intensive, b) prone to errors and c) of limited scope, ie not every plug­in can be audited. For example, if it was feasible to audit all aspects of a CMS repository (CMS core and plug­ins), the DigiNotar debacle could have easily been avoided.

Research proposal.

Your research would consist of extending our proof­ of­ concept static code analyzer written in Python and using it to scan code repositories, possibly of some major CMSs and their plug­ins, for security issues and finding innovative ways of reporting on the massive amount of possible issues you are sure to find. Help others keep our data that little bit more safe.
Patrick Jagusiak <patrick.jagusiak=>dongit.nl>

Frank Uitewaal <fuijtewaal=>os3.nl>
R

P
2
50

Docker Overlay Networks Performance analysis in high-latency environments.

The GÉANT Testbeds Service (http://services.geant.net/GTS/Pages/Home.aspx) provides an interesting experimentation platform for the study of novel networking architectures. In this project we assess and usability of GTS for Container (Docker) networking, with focus on the impact of latency and geographical distribution of resources on the networked application performance.
Paola Grosso <p.grosso=>uva.nl>

Siem Hermans <siem.hermans=>os3.nl>
Patrick de Niet <Patrick.deNiet=>os3.nl>
R

P
1
51

Jailbreak/Root Detection Evasion Study on iOS and Android.

Description:
  • Mobile applications may implement measures against rooted devices. Frameworks exist for Android and iOS that provide root detection and can be integrated into mobile applications. We are looking for how these frameworks implement root detection and what are possible workarounds.
Roel Bierens <rbierens=>deloitte.nl>

Dana Geist <Dana.Geist=>os3.nl>
Marat Nigmatullin <Marat.Nigmatullin=>os3.nl>
R

P
1
52

TLS Session Key Extraction from Memory on iOS Devices.

Description:

On Android and iOS it may be possible to obtain the SSL session keys by scanning and parsing the process memory of a running application. We would like to investigate whether it is possible to recover the keys to decode captured network traffic of SSL sessions. This project focusses on IOS.
Cedric Van Bockhaven <cvanbockhaven=>deloitte.nl>

Tom Curran <Tom.Curran=>os3.nl>
Marat Nigmatullin <marat.nigmatullin=>os3.nl>
R

P
2
53

Developing an Ethereum Blockchain Application.

Blockchain technology is getting much attention triggered by the popularity of the bitcoin cryptocurrency. However, blockchain technology has applications beyond monetary. Examples are domain name registration (Namecoin, .bit), notary functions and smart contracts. Also the health industry is mentioned in this context: enforcing of insurance contracts and privacy-preserving exchange of patient data.
 
Ethereum (https://ethereum.org/) is a crowdfunded decentralized platform that runs smart contracts: applications that run exactly as programmed without any possibility of downtime, censorship, fraud or third party interference. It is based on blockchain technology. The hypothesis is that Ethereum will make it easy to launch blockchain-based applications without needing to start a new blockchain or cryptocurrency.
 
In this project, you will investigate the hypothesis by
  • Selecting a useful blockchain-based application
  • Developing the selected application as smart contract on Ethereum
  • Developing an associated client application
  • Launching and using the developed application
  • Evaluating the whole process
Oskar van Deventer <oskar.vandeventer=>tno.nl>
Erwin Middelesch <erwin.middelesch=>tno.nl>

Nikolaos Triantafyllidis <Nikolaos.Triantafyllidis=>os3.nl>
R

P
2
55

WIFI espionage using an UAV.

Many companies leak information to the outside world from their office buildings. WiFi signals, sound waves, heat vision, even aerial photos can reveal sensitive information about a company. A drone or UAV could potentially detect all of these sources of information. But what exactly should such a UAV be equipped with? What sensors can be used to obtain sensitive information about a company, and how effective are they?
Rick van Galen <vanGalen.Rick=>kpmg.nl>

Yadvir Singh <Yadvir.Singh=>os3.nl>
R

P
1
56

Penetration Testing Auditability.

During pentests, it is difficult to keep track of what actions exactly have been performed.
  • Has this host been connected to?
  • Where has this credential been found?
  • When exactly was this command executed?
The goal of this research project is to identify useful sources of audit information in a pentest, and develop automated collecting of these in a unified database (e.g. ElasticSearch). Evaluating performance overhead of real time data collecting can also be a goal of this project.
Christopher Mills <Mills.Christopher=>kpmg.nl>

Stamatios Maritsas <Stamatios.Maritsas=>os3.nl>
Alexandros Tsiridis <Alexandros.Tsiridis=>os3.nl>
R

P
1
57

(Aster)-picking through the pieces of short URL services.

In this research we want to map the landscape of short url’s by brute forcing well known providers and testing to see if the short urls are pointing towards malicious sources. By checking the long urls with the spamhaus and google safe browsing api we can gather information about the reputation of these sites. By doing this research we can get a picture of the landscape and find out how effective filtering is of providers.
Ruud Verbij <Verbij.Ruud=>kpmg.nl>
Peter Boers <peter.boers=>os3.nl>
Robert Diepeveen <Robert.Diepeveen=>os3.nl>
R

P
1
58

Extremely Sensitive Communication; Secure, Secret, and Private e-mail.

Literature study:
This project can be supported by Merel Koning from the RU Nijmegen, as she is a real fan of this topic.
Ruud Verbij <Verbij.Ruud=>kpmg.nl>
Loek Sangers <loek.sangers=>os3.nl>
R

P
2
60

Partition under disruption improves computer network delivery.

Under disruption, network protocols determines the agility to adjust routing and propagate packets correctly thought network. Information propagation from these routing protocols may cause packets to be dropped elsewhere in the network. Changing routing protocols, under disruption, might be beneficial for end to end communications. In this project, you are simulating different routing protocols, and testing strategies to increase the arrival rate of packets.

Requirements: knowledge of routing protocols and python programming.
Marc Makkes <m.x.makkes=>vu.nl>

Lukasz Makowski <Lukasz.Makowski=>os3.nl>
R

P
2
65

Malicious Domain Name Detection System.

The Domain Name System (DNS) - as defined in RFC 1034 and 1035 - is the de-facto standard for translating domain names into their corresponding numerical (IP) addresses. Due to the fact that DNS is so highly embedded into the workings of the Internet, cybercriminals must also make use of it to reach their malicious domains. These domains can, for instance, be used for sending spam or function as bots within a larger botnet.
A dataset provided by the Stichting Internet Domeinregistratie Nederland (SIDN), the highest authority for the Dutch .nl Top-level domain (TLD), will be used to research whether it is possible to detect malicious domains by looking at spatial characteristics in the data. By combining existing data with data from common Domain Name System Blacklists (DNSBLs), a probabilistic model that tries to rank a domain on maliciousness will be made.

More info:
Marco Davids <marco.davids=>sidn.nl>
Cristian Hesselman <cristian.hesselman=>sidn.nl>
Maarten Wullink <maarten.wullink=>sidn.nl>

Auke Zwaan <Auke.Zwaan=>os3.nl>
R

P
1
66

BGP Hijack Alert System.

BGP hijacks are a common problem in the current architecture of the internet. ASN and IP-range owners can take measures to detect them, but often they do not. Recently, incidents like a BGP hijack on an IP-range from the Dutch Ministry of Foreign affairs (https://tweakers.net/nieuws/104975/ip-adressen-buza-gekaapt-via-bgp-hijacking.html ) questions about detecting those incidents are being asked on a national level. The NCSC would like to investigate whether it is possible to detect hijacks within its constituency without disclosing the information of constituents to third parties. There are third party services, but they are often limited to a small number of IP-ranges and you have to distribute your IP-ranges to them.

In this project the aim is to get more insight in the following questions:
  • Is it possible to do early detection of BGP hijacks for a large number of IP-ranges and AS numbers with public resources?
  • What is the number of hijacks in the +/- 830 ASN's registred in RIPE with country code NL?
  • Is it possible to approximate this number with a low number amount of false positives?
A deliverable of this project can be a tool to do BGP hijack detection (near-real-time if possible) for  ranges if IP-adresses and ASN's.
Jeroen van der Ham <jeroen.vanderham=>ncsc.nl>
Gert Vliek <Gert.Vliek=>ncsc.nl>

Jeroen Schutrup <Jeroen.Schutrup=>os3.nl>
Bram ter Borch <bram.terborch=>os3.nl>
R

P
1
67

Investigating the Potential for SCTP to be used as a VPN Transport Protocol.

Introduction: A Virtual Private Network (VPN) allows two endpoints to provide a secure means of communication over an untrusted connection. Conceptually, a tunnel through the unsecure network is created between the endpoints. This is done by encapsulating and encrypting traffic as it enters the tunnel, then decrypting and decapsulating the traffic as it exits. One of the strengths of a VPN is the wide variety of traffic that can be supported through the tunnel. Some of the challenges of deploying a VPN are how best to encapsulate this wide variety of data and how to transport it over the network. There are various technologies that have been used to meet these challenges. OpenVPN can use either TCP or UDP to transport data[8]. With IPSec the Encapsulating Security Payload (ESP) protocol is used[4]. Cisco developed its own protocol for encapsulation, Generic Routing Encapsulation (GRE)[3], which is also used by the Point­to­Point Tunneling Protocol (PPTP)[2]. This research will investigate the possibility of using the Stream Control Transmission Protocol (SCTP). As a transport protocol SCTP is similar to TCP in that it is a connection oriented protocol that provides reliable delivery[11]. Unlike TCP, SCTP is message based[11]. It also has two features in particular that may be useful for data encapsulation. The first is that it supports multiple streams over a single connection with independent ordering[7]. The second feature that may be useful is the ability to selectively disable the ordering requirement for individual messages[11]. For these reasons a further investigation into the possibility of using SCTP to transport VPN traffic should be conducted.

Research Question:

The purpose of the research will be to determine under what circumstances, if any, is SCTP a suitable choice of a transport protocol for VPN traffic. This research will specifically focus on how the SCTP multiple streams and selective unordered delivery features can be used to improve performance as compared to TCP or UDP.
Ralph Koning <R.Koning=>uva.nl>
Junaid Chaudhry <Junaid.Chaudhry=>os3.nl>

Joseph Hill <Joseph.Hill=>os3.nl>
R

P
1
80

Restoring TCP sessions with a DHT.

Summary:
Datacenters have been developing applications that scale infinitely, but these same datacenters always have choke points at the edges, the location of a firewall/loadbalancer middleboxes. These middleboxes are dedicated hardware appliances. These appliances have throughput limits and can’t be easily scaled without replacing the existing appliance with a larger appliance. This is unlike webscale applications today where more application instances can be instantiated dynamically to increase scale.

What if we transition the middlebox appliance to an x86 node providing a Network Function Virtualization? Is it possible to use a combination of a fully routed network with a server based routing application to create infinitely scaling middleboxes?
Problem statement:
Currently a high-availability FW/LB setup is dependent on a L2 network. A set of devices share a MAC address to failover in case of network change. Forwarding state is synchronised between the hosts to ensure a smooth failover. This creates limits in physical scalability and location as well as requires all middleboxes to exist in a single failure domain.

If the FW/LB was moved to the host to create a topology with multiple active nodes, packets could be forwarded to differents host by leveraging ECMP. How can this solve the FW/LB limitation in a horizontal scalable concept?

If middleboxes can be moved to an entirely routed model it would create greater scalability, resiliency and mobility, however challenges on how to solve clustering and service advertisement will need to be solved.
Scope:
This project will have two phases
  1. Phase 1: The student will explore the feasibility of layer 3 clustering with one or more software based middlebox solution. Examples could be HAProxy, Nginx or Firewalld.
  2. Phase 2:
    • Phase 2a: If it is deemed feasible, the student would build a proof of concept using freely available software to build a sample network combining the middle box application, Cumulus VX for network nodes and Cumulus Networks Quagga to act as routing software for the x86 nodes. Along with the sample lab, the student should describe the advantages, challenges and potential pitfalls to this solution.
    • Phase 2b: If it is deemed infeasible, the student would detail what are the current shortcomings of the existing solutions that prevent layer three clustering and what options exist to solve the problem. A proof of concept should be built showing a simple application sharing state and clustering at layer 3. A highly motivated individual could use these results to contribute to the open source project of choice, but would not be required in the scope of this project. Again, Cumulus Networks Quagga and Cumulus Vx network nodes can be used for this simulation.

The supervisors from Cumulus Networks will be able assist with issues related to Cumulus VX, Cumulus Networks Quagga application, Vagrant, automation (Ansible) or any general networking or network design questions.
Attilla de Groot <attilla=>cumulusnetworks.com>
Pete Lumbis <plumbis=>cumulusnetworks.com>
Rama Darbha <rama=>cumulusnetworks.com>

Peter Boers <Peter.Boers=>os3.nl>
R

P
2
86

On GSM Open Source Intelligence.

SS7 is Signaling System no 7 a set of protocols for the 70's for phone routing still in use today. With these protocols you can intercept calls, ping mobile phones, etc. using this set of protocols can be useful for OSINT (localization, gaining information about the SIM, maybe other useful stuff). Recently it has been in the new to use it for tapping phone calls. We would like to find out what information is sent over the air by popular mobile devices that may be tapped by malicious actors, and how to protect mobile users from this risk. Using a BladeRF and a Faraday’s cage we can create a contained environment to set up an own base station.
Cees de Laat <delaat=>uva.nl>

Kenneth van Rijsbergen <Kenneth.vanRijsbergen=>os3.nl>
R

P
1
87

Bypassing 802.1X in an IPv6 configured network.

IEEE 802.1X is an IEEE Standard for port-based Network Access Control (PNAC). There are a couple of tools to bypass 802.1X. “Nacker” is such a tool, and there is also "Marvin". We would like to create a physical implant device (based on a Raspberry Pi for example) with 2 ethernet ports + 1 tap port (4g/wifi/Ethernet). To the NAC solution, the implant device is the device which is being authenticated. However, the implant NATs the actual device and is tapping the device without the need to clone MACs and IPs. This prevents collisions which you get when you use a low-tech hub solution.
Henri Hambartsumyan <HHambartsumyan=>deloitte.nl>
Arris Huijgen <ahuijgen=>deloitte.nl>

Ruben de Vries <Ruben.devries=>os3.nl>
Robert Diepeveen <Robert.Diepeveen=>os3.nl>
R

P
2
88

SDIO as a new peripheral attack vector.

SDIO is an extension of the SD specification to provide I/O operations. This enables external modules (think of GPS, RFID reader, modems) to communicate via the SD card slot. We would like to find out if it is possible to create an automated I/O device that can trigger commands on the host system via the SD card slot (similar to the USB rubber ducky).
Cedric Van Bockhaven <cvanbockhaven=>deloitte.nl>

Thom Does <thom.does=>os3.nl>
Dana Geist <Dana.Geist=>os3.nl>
R

P
2
89

The Design of Malware on Modern Hardware; Malware Inside Intel SGX Enclaves.

Commodity hardware typically contains multiple processing units. Some perform generic tasks (e.g. CPU), others perform more specific tasks (e.g., disc and network controllers). It has be shown that malware designs use specific processing features to hide malicious operations. In this project you are going to research the design space and architecture of malware by looking at specific processor features.
Marc X. Makkes  <m.x.makkes=>vu.nl>
Kaveh Razavi <kaveh=>cs.vu.nl>

Jeroen van Prooijen <Jeroen.vanProoijen=>os3.nl>
R

P
2
90

Supporting Internet of Things applications in Information-Centric Networks.

Information-Centric Networking (ICN) is an approach to evolve the internet infrastructure towards a data-centric model by introducing uniquely named data as a core Internet principle. This approach fits better with the current Internet usage, where consumers seek to find the data they want and not reach a particular Internet host. With ICN, data becomes independent from location, application, storage, and means of transportation, enabling in-network caching and replication. ICN also promises benefits in terms of efficiency, scalability, bandwidth demand and robustness in challenging communication scenarios. However, ICN is still in the research phase and its promised benefits need to still be clearly demonstrated.
 
In this research project, you will investigate the feasibility of Internet-of-Things (IoT) applications within the ICN paradigm, specifically focusing on remotely accessible mobile sensors: as an example think of remotely accessing the speed of cars located in a certain region or the temperature measured by aerial drones in operation.
 
During your internship you will create a proof-of-concept of one IoT applications built on top of the TNO ICN testbed. The proof-of-concept will be using Raspberry Pi’s, so you should also consider its limitations in the design and implementation of the IoT application.
Lucia D’Acunto <lucia.dacunto=>tno.nl>
Ray van Brandenburg <ray.vanbrandenburg=>tno.nl>
Olaf Elzinga <olaf.elzinga=>os3.nl>
Jenda Brands <Jenda.Brands=>os3.nl>
R

P
1
91

Using Sensitive Information on Android 6 Based Smartphones.

Smartphones and today’s enterprises have become indispensable. Enterprises allow users to bring their own smartphones inside the cooperate network, distribute smartphones to their employees as business smartphones or smartphones are used as a critical part of a business.

Smartphone can contain a lot of sensitive information reaching from contact information to information that can harm enterprises. Chief Security Officer are puzzled with the question how such information can be protected. NIST and CESG have published guidelines for deploying cell-phones and PDA’s, but those guidelines are either to generic or do not offer sufficient protection. What if an Android phone has to store information that can cause an enterprise to lose millions?
Ruud Verbij <Verbij.Ruud=>kpmg.nl>

Romke van Dijk <romke.vandijk=>os3.nl>
R

P
2
92

A systematic approach towards GNSS receiver vulnerability analysis on Remotely Piloted Aircraft Systems.

The goal of this research is to identify and experiment with means to influence aerospace systems through wireless communication. The target system comprises a professional grade RPAS (Remotely Piloted Aircraft System) with an on-board GNSS receiver.

Through the GNSS receiver the system acquires mission critical operating parameters to determine speed, time and current position in 3D space. Therefore, an adversary might be interested in tampering with the GNSS data being transmitted which in term directly influences the system's behaviour.

Within this research it is possible to investigate:
  1. Performing replay attacks (meaconing)
  2. Assembling and transmitting malicious/falsified GNSS packets
René Wiegers <rene.wiegers=>nlr.nl>
Judith van Bruggen <judith.van.bruggen=>nlr.nl>

Mike Maarse <mike.maarse=>os3.nl>
R

P
2
94

Modifying existing applications for 100 Gigabit Ethernet.

In the SURFnet test network we have an Inventec D7032Q28B switch running in OpenFlow mode. Connected to the Inventec switch are two nodes with an 100GE link. The two nodes are:
  • Supermicro 5018R-MR
  • 1 x Intel Xeon E5-1630V3
  • 4 x Certified 8GB DDR3 2133mhz ecc reg
  • 1 x ConnectX-4, 2-port 100 Gbe, MCX416A-CCAT
The nodes are running the default perfSONAR ISO with perfSONAR Toolkit v3.5.1.3. Tuning was done on the nodes using a.o. the information on the ESnet site: https://fasterdata.es.net/host-tuning/40g-tuning/.

The configured settings result in the following throughput using one single TCP stream:

$ iperf3 -c 10.0.0.1 -A 0,0
Connecting to host 10.0.0.1, port 5201
[ 4] local 10.0.0.2 port 43552 connected to 10.0.0.1 port 5201
[ ID] Interval      Transfer   Bandwidth    Retr Cwnd
[ 4]  0.00-1.00  sec 5.23 GBytes 44.9 Gbits/sec   0  952 KBytes
[ 4]  1.00-2.00  sec 5.18 GBytes 44.5 Gbits/sec   0  970 KBytes
[ 4]  2.00-3.00  sec 5.18 GBytes 44.5 Gbits/sec   0  1022 KBytes
[ 4]  3.00-4.00  sec 5.18 GBytes 44.5 Gbits/sec   0  1.02 MBytes
[ 4]  4.00-5.00  sec 5.44 GBytes 46.7 Gbits/sec   0  1.06 MBytes
[ 4]  5.00-6.00  sec 5.30 GBytes 45.5 Gbits/sec   0  1.19 MBytes
[ 4]  6.00-7.00  sec 5.26 GBytes 45.2 Gbits/sec   0  1.22 MBytes
[ 4]  7.00-8.00  sec 5.21 GBytes 44.8 Gbits/sec   0  1.23 MBytes
[ 4]  8.00-9.00  sec 5.20 GBytes 44.7 Gbits/sec   0  1.25 MBytes
[ 4]  9.00-10.00 sec 5.18 GBytes 44.5 Gbits/sec   0  1.25 MBytes
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval      Transfer   Bandwidth    Retr
[ 4]  0.00-10.00 sec 52.4 GBytes 45.0 Gbits/sec   0    sender
[ 4]  0.00-10.00 sec 52.4 GBytes 45.0 Gbits/sec      receiver

iperf Done.

A nice result, but we think a higher throughput could be possible over the 100GE connection using Intel's DPDK. The project: Research possibilities to use iperf3 and DPDK to realize a much higher throughput up to 100Gbit/s.

Another interesting thing to look at the performance of separate flows on the switch and impact on certain types of traffic.
Migiel de Vos <migiel.deVos=>surfnet.nl>
Jelte Fennema <jelte.fennema=>os3.nl>
R

P
2
95

P4 VPN Authentication; Authentication of VPN Traffic on a Network Device with P4.

In order to facilitate research that spans multiple domains SURFnet has created a VPN architecture that enables end users to create virtual networks on demand.[1] This architecture uses OpenFlow to set-up and tear-down virtual networks without needing the help of network administrators to do manual configuration of the network switches. Currently the VPN architecture is not able to authenticate its users because of limitations inherent to the OpenFlow protocol.

The goal of this project is to find out whether and how authentication of user-initiated VPNs can be done using the P4 (Programming Protocol- Independent Packet Processors) language. P4 is a programming language designed to allow programming of packet forwarding dataplanes.[2] P4 promises more flexibility than OpenFlow in that it not only allows for making decisions on specific pre-defined packet formats but also allows for defining how packets look like and making more informed decisions locally one the networking devices.

The project consist of the following tasks:
  • defining a protocol that is suitable for authentication of flows on the provider edge
  • investigating how authentication can be done best using P4
  • creating a proof of concept, probably involving a simplified cryptography mechanism, to demonstrate the design or to point out where P4 (or its targets) needs to improve upon to make it possible
  • possibly reasoning about the best way to incorporate the authentication in the VPN Architecture
[1] https://kirk.rvdp.org/publications/indis-coco-paper.pdf
[2] https://en.wikipedia.org/wiki/P4_%28programming_language%29
Ronald van der Pol <Ronald.vanderPol=>SURFnet.nl>
Marijke Kaat <marijke.kaat=>surfnet.nl>

Jeroen Klomp <jeroen.klomp=>os3.nl>
R

P
2

Presentations-rp2

I hereby would like to invite you to the annual RP2 presentations, where the SNE students will be presenting their research. Considering the wide variety of presentations the day promises to be very interesting and we hope you will join us.
Program (Printer friendly version: HTML, PDF) :
The event is stretched over two days: Wednesday-Thursday June 29-30 th, 2016. Wednesday June 29, 2016, Auditorium C0.110, FNWI, Sciencepark 904, Amsterdam.
10h00 D # Welcome. Cees de Laat Loc RP #stds
10h00 20 35 Partitioning of big graphs.
Alexis Sireta
UvA 2
1
10h20 20 60 The effects of network disruption on routing protocols and packet propagation.
Lukasz Makowski VU
2
1
10h40 20 89 The design of trojans on modern hardware.
Jeroen van Prooijen VU
2
1
11h00 20

*
Break


11h20 20 80 Restoring TCP sessions with DHT.
Peter Boers
CumulusNetworks 2
1
11h40 25 90 Supporting Internet of Things applications in Information-Centric Networks. Olaf Elzinga, Jenda Brands TNO 1
2
12h05 65
*
Break


13h00 20 95 P4 VPN Authentication; Authentication of VPN Traffic on a Network Device with P4. Jeroen Klomp SURFnet 2
1
13h20 20 23 Taking a closer look at IRATI.
Koen Veelenturf
SURFnet/UvA
2
1
13h40 20 94 Modifying existing applications for 100 Gigabit Ethernet.
Jelte Fennema SURFnet
2
1
14h00

Closing. Cees de Laat & OS3 team



Thursday June 30, 2016, Auditorium C0.110, FNWI, Sciencepark 904, Amsterdam.
10h00 D # Welcome. Cees de Laat Loc RP #stds
10h00 25 26 Evaluating the applicability of an Industrial-Scale Software Defined Internet Exchange Point at the AMS-IX.
Siem Hermans, Jeroen Schutrup AMS-IX
2 2
10h25 25 21 Adding unusual data transports to the Serval Project.
Alexandros Tsiridis, Joseph Hill Flinders 2
2
10h50 20





11h10 20

*
Break


11h30
20
13
Designing an open source DMARC aggregation tool. Yadvir Singh NLnet 2
1
11h50 20 47 Automated access management analysis on WordPress plugins using machine learning.
Frank Uitewaal DONGIT
2
1
12h10 20 92 Assessing the likelihood of GNSS spoofing attacks on RPAS.
Mike Maarse NLR
2
1
12h30 60
*
Break


13h30 25 87 Bypassing 802.1X in an IPv6 environment.
Ruben de Vries, Robert Diepeveen Deloitte 2
2
13h55 20 86 SS7/GSM OSINT.
Kenneth van Rijsbergen Deloitte 1
1
14h15 25 88 SD card rubber ducky via SDIO.
Thom Does, Dana Geist Deloitte 2
2
14h40 20

*
Break


15h00 25 52 SSL session key extraction from memory on mobile devices (Android, iOS).
Tom Curran, Marat Nigmatullin Deloitte
2
2
15h25 20 58 Extremely sensitive communication; Secure, secret, and private e-mail.
Loek Sangers
KPMG
2
1
15h45 20 91 Using Extremely Sensitive Information in Android.
Romke van Dijk KPMG 2
1
16h05

Closing. Cees de Laat & OS3 team



Presentations-rp1

Monday feb 1th, 12h35 - 1700 in B.1.23 at Science Park 904 NL-1098XH Amsterdam.
Program (Printer friendly version: HTML, PDF
) :
(all presentations are 20 minutes for single and 25 minutes for pairs of students, opm: *=scheduled on request in that timeslot)

Time D #RP Title Name(s) LOC RP #stds
12h35

Welcome, introduction. Cees de Laat


12h40 20 67 Investigating the Potential for SCTP to be used as a VPN Transport Protocol. Joseph Hill SNE 1 1
13h00 25 4 Portable RFID/NFC “Bumping” Device. Romke van Dijk, Loek Sangers DeLoitte 1 2
13h25 20 53 Developing an Ethereum-blockchain application. Nikolaos Triantafyllidis TNO 2 1
13h45 25 41 Empirical evaluation of parallel vs. distributed graph processing algorithms. Alexis Sireta, Lazar Petrov SNE 1 2
14h10 15
bio break



14h25 20 24 Machine detectable network behavioral commonalities for exploits and malware. Alexandros Stavroulakis RedSocks 2 1
14h45 25 18 UsnJrnl parsing for file system history. Frank Uitewaal, Jeroen van Prooijen Fox-IT 1 2
15h10 20 19 UsnJrnl parsing for Microsoft Office activity. Kenneth van Rijsbergen Fox-IT 1 1
15h30 20
break



15h50 25 22 RINA - Recursive InterNet Architecture (1). Jeroen van Leur, Jeroen Klomp SURFnet, SNE 1 2
16h15 20 25 Combatting Phishing With Snort. Olaf Elzinga SNE-OS3 1 1
16h35 25 51 Root detection evasion (Android, iOS). Dana Geist, Marat Nigmatullin DeLoitte 1 2
17h00

*
End


Tuesday feb 2th, 9h35 - 16h35 in room B1.23 at Science Park 904 NL-1098XH Amsterdam.
Program:
Time D #RP Title Name(s) LOC RP #stds
9h35

Welcome, introduction. Cees de Laat


9h40 20 26 Open source SOC demonstration. Jenda Brands OS3 1 1
10h00 20 38 Research into new naming and identification systems on the internet. Xander Lammertink SIDN 2 1
10h20 20 65 Graph theory for domain name registries. Auke Zwaan SIDN 1 1
10h40 20
break



11h00 20 39 Performance measurement and tuning of remote acquisition. Lukasz.Makowski NFI 1 1
11h20 25 31 Security features of Android for Work. Tom Curran, Ruben de Vries KPMG 1 2
11h45 25 66 Detecting BGP hijacks for a large number of Dutch networks. Jeroen Schutrup, Bram ter Borch NCSC 1 2
12h10

Lunch



13h00 25 30 Investigating the new Android 6.0 native fingerprint API. Thom Does, Mike Maarse KPMG 1 2
13h25 20 33 Greening the Cloud. Jeroen van Kessel SNE 2 1
14h45 25 29 Misusing open internet services on the Web. Ben de Graaff, Jelte Fennema KPMG 1 2
14h10 15
bio break



14h25 20 55 Risk detection with a UAV. Yadvir Singh KPMG 1 1
14h45 25 56 Penetration test auditibality. Stamatios Maritsas, Alexandros Tsiridis KPMG 1 2
15h10 25 50 Container Networking in the GTS. Siem Hermans, Patrick de Niet SNE 1 2
15h35 15
break



15h50 25 57 Investigation into the maliciousness of short url’s. Peter Boers, Robert Diepeveen KPMG 1 2
16h15 20 20 Design exploration of transparency enhancing technology. Mathijs Houtenbos WhiteBox 2 1
16h35

*
End



Out of normal schedule presentations:
Room B1.23
at Science Park 904 NL-1098XH Amsterdam.
Program:
Time Place D #RP Title Name(s) LOC RP #stds
2016-08-11 13h00 B1.23 20 96 Leader election and logical organization in inter-cloud virtual machines. Andrey Afanasyev UvA 1
1
2016-08-11 13h30 B1.23 20 34
Portable Passive Detection of Advanced Persistent Threats report
Guido Kroon
SIDN
2
1
2016-08-19 11h00 B1.23 20 43
Development of a new policy evaluation procedure for XACML.
Jorian Oostenbrugge
UvA
1
1




*
End



11h30 20 43 Development of a new policy evaluation procedure for XACML.
Jorian van Oostenbrugge
UvA
1
1