Cybersecurity project proposals
Below are some projects that I’m willing to supervise. If you’re interested in any of these projects then feel free to email me to chat, and by all means feel free to add your own twist to the proposal.
If you have an idea in mind that is not listed below, but you think I’d be a good supervisor, please reach out anyway - I’m also happy to supervise similar projects. My core strengths lie around cryptography and applied cryptography, but I’m also happy supervising projects on software security, malware and attack technologies and anything involving natural language processing and the security of neural networks.
-
Cryptographic library: Cryptography is essential for protecting the confidentiality and integrity of data, but not all programming languages have fully fledged crypto libraries. Writing a new cryptographic library takes time, and care must be taken to ensure that all code is secure against side-channel analysis. This project involves doing just that, by implementing a cryptographic suite of your choice (either primitives or protocols). You will need to ensure that your library is secure against side-channel attacks (eg. it is constant time, keys are erased from memory). See Martin Kleppmann’s paper on implementing Curve25519 for a more in-depth overview of the challenges present when implementing cryptographic primitives.
-
Modern approaches to encrypted email: End-to-end encryption is an important tool for protecting email communications, but its adoption has been slow due to the technical challenges involved. The main approach to email encryption, PGP, is notoriously difficult to use, and requires users to look after a long-term key (or several). Other approaches, such as Tutanota and Criptext, exist, but their approaches lack compatibility with third-party clients and other email services. This project seeks to build an encrypted email service which offers the best of both worlds, providing improved features such as subject line encryption, forward secrecy and post-quantum security while offering IMAP support and compatibility with other email services. See here and here for more info.
-
Pretty Easy Privacy: PGP is notoriously difficult to use. Alternatives like age and NaCl do exist for secure communication, but many of these are command-line only tools and so are almost as difficult for non-expert users to use. For this project, you’ll be integrating one of these tools (or perhaps developing your own) into an email client such as Thunderbird, developing an extension that allows users to generate keys, encrypt and sign emails, and automatically decrypt and verify received emails. See here for more info.
-
Side-channel analysis of cryptographic implementations: The main reason for the phrase “don’t roll your own crypto” is the ease of developing insecure cryptographic implementations. Even if the underlying mathematics is sound, it’s all too easy to introduce side-channels that nullify the security of a crypto library. This project will have you develop a series of tools to recover secret keys from insecure cryptographic implementations (either your own or from existing tools).
-
Secure file sync: File sync applications (such as Google Drive, OneDrive and Nextcloud) that allow you to back up your files online already exist, but using them typically means entrusting a central server with your files. For this project, you will be developing a proof of concept for a new file sync application. For bonus points, you could sync the files in a distributed manner using a protocol such as IPFS. Based on a proposal at ETH Zürich.
-
Malware analysis: With over half a million new malware variants discovered in 2022, there is no shortage of malware samples to analyse. This project provides an opportunity to analyse a real-world malware sample of your choice, writing a report on its payload, propagation, evasion techniques, and any quirks in its behaviour.