Cloud storage services like Dropbox, SkyDrive, Google Drive etc. are very popular and make a tangible difference for users who want to access their data from multiple devices. One concern with cloud storage is security. Most services don't offer any client-side encryption. The data is effectively in the clear for the service provider (or anyone who compromises the service provider's systems). Some services do allow client-side encryption using a user password. However, data stored in the cloud and protected only with a user password is vulnerable to dictionary attacks. On the other hand, password-based solutions rank high in terms of consistent user experience across different classes of devices: in order to access his/her data the user has to install an app, point it to a cloud storage directory, and enter a password. The objective of this special assignment is to design and implement a key management system for encrypted personal cloud storage using a strong key while aspiring to come close to the level of user experience of the password-based solution.
Required Skills: Software development on one or more smartphone platforms, HTML5, basic knowledge of cryptography.
Nice to have: Prior experience in doing usability evaluations and user studies.
Status: Open.
The latest versions of mobile operating systems contain APIs for PKI and cryptographic operations. For instance, they can be used to generate a key pair and enroll a digital end user certificate for that key pair, which together can be used by applications to participate in PKI-based protocols such as HTTPS-based client authentication, and S/MIME for email signing and encryption. The objective of this assignment is to become familiar with these APIs on either Android or iOS devices, and build an example application that makes use of those APIs. For instance, the application could generate a key pair, enroll a certificate for it, and then either use it directly in the application or enable the usage of the enrolled end user certificate in the native browser of the operating system. Additionally, the security of the key pair can be evaluated, i.e., how well it is protected in the operating system, whether any hardware-based protection mechanisms are used, and how successful they are at protecting the key pair against theft and unauthorized usage in the case where the device has been rooted, for instance. The outcome of the assignment is a demo performed on a chosen operating system, and a written report describing the demo application and considerations on implementation issues. Optionally, the report can contain an analysis of how well the key pair is protected by the operating system and hardware, if applicable, against attacks. It is likely that this work would lead to an MSc thesis topic.
Note: This assignment is intended to lead to an MSc thesis topic later this year.
Required Skills: Development experience on either iOS or Android platforms, basic knowledge of security.
Nice to have: Experience in server-side software development.
Status: Open
As a measure against rising identity theft, online vendors and services typically require a person to verify his or her identity using questions about personal information. In recent times, this verification has progressed from asking for one's "mother's maiden name" to a more elaborate set of personal questions. The effectiveness of these questions must be evaluated from two important and interrelated aspects: security and usability. While the security angle has been explored somewhat in the literature, usability aspects have received comparatively less attention. The goal of the assignment is to design, implement, and conduct a study that can examine online user behavior when presented with these questions. The results will be analyzed to gain insight into the effectiveness of the questions from the usability as well as the security point of view. This will involve the following tasks:
Required Skills: HTML/CSS/AJAX/JavaScript/PHP/MySQL
Nice to have: Interest or background in conducting user studies and/or usability evaluations, Basic statistics.
Status: Open.
"Zero-interaction authentication" refers to authentication by detecting the presence of a nearby device without any other user interaction. An example is BlueProximity (source, binary), which automatically locks/unlocks the desktop if a paired Bluetooth device is nearby. Zero-interaction comes at the cost of vulnerability to relay attacks. The objective of this thesis is to study the possibility of addressing this problem by having two devices compare their "contexts" as perceived by various sensors on those devices. Contextual variables include ambient audio, location, WiFi broadcast traffic, identities of nearby devices and so on. (Here is a short presentation on the topic). The work will involve the following tasks:
Required Skills: Development experience on mobile platforms (e.g., Android) and PC platforms (e.g., Linux). Basic knowledge of security and cryptography.
Nice to have: Familiarity with Bluetooth specification, prior experience in user studies.
Status: Open.
The goal of this thesis is to develop a collaborative editing application on portable devices that gives users awareness of data usage. The collaboration model is designed in a distributed manner. However, for the sake of simplicity, we propose to implement it based on a central server. The data is stored locally on user devices/machines while its clone is stored on the server as well. Here is a more detailed description of the topic. The work will involve the following tasks:
(Topic proposed by Hien Truong)
Required Skills: Good programming skills in Java, Knowledge of mobile app development (esp. Android), Background in distributed systems.
Nice to have: Knowledge of collaborative systems, access control and usage control; Experience conducting user studies.
Status: Open.
Linux Containers is a lightweight isolation mechanism supported by the Linux kernel. There are also various mandatory access control schemes that are built using the Linux Security Modules (LSM) infrastructure. The objective of this thesis is to investigate novel applications of these features to construct (and tear down) dynamic isolated domains on demand. Possible applications include (a) a more user-friendly means of specifying access control for user data and assigning privileges for applications or (b) extending the domain securely across the device boundary to another device (e.g., allowing apps on a user's phone to communicate securely with the same apps on the user's tablet). The topic is loosely defined at this stage and we expect the student to take an active role in concretizing it. The work will involve:
Required Skills: In-depth experience with Linux Containers, Smack and Linux Security Module hooks, Good knowledge of operating system concepts, expertise in C programming.
Nice to have: Prior experience in conducting user studies, Prior experience administering Linux systems, Prior experience in Linux software packaging
Status: Open.
Ordinary users having to make decisions about installing apps or downloading content often have inadequate information to decide if the apps or content are safe and appropriate for them. Centralized vetting schemes (either by experts or by crowdsourcing) are one way to address this problem. A complementary way is to gather feedback from the user's social groups, and present it to the user in a way that can help the user make the decision. The work will involve:
Required Skills: Expertise in programming in multiple platforms (apps for social networks, web services, mobile platforms)
Nice to have: Prior experience in conducting user testing; statistical analysis.
Status: Open.
We do collaborative research with universities outside Finland. Some of them have student exchange agreements with the University of Helsinki. If you are interested in doing a thesis abroad in one of these places, make a formal application to the department (instructions are here) and send e-mail to Prof. Asokan with a short description of where you want to go and what topic interests you, along with your current CV and transcripts.
The Mobile Networks department at the Fraunhofer Secure Information Technology Institute (Fraunhofer-SIT) has several thesis topics in the following areas:
If you are interested in working at Fraunhofer-SIT on any of these topics, contact me and I will put you in touch with them. Final selections will be made by Fraunhofer-SIT.