This list is intended as a guideline. You can choose one of the tasks suggested here, a similar task, or a completely different security-related task (even one involving social engineering, although that would require seeking appropriate permissions from the College, since experiments involving people generally require explicit official approval). In either case, please talk to me so that I can confirm your choice of project.
1. Implement the Kocher timing attack on RSA. You can use an unoptimized textbook implementation of RSA. More information about this task is at CS38 HW3, 2004.
2. Implement the attack on the low private exponent described in Boneh, Twenty years of attacks on RSA.
3. Find an example of a real-world protocol with a handshake flaw such as those described in the textbook (Kaufman et al.), Chapter 11, and demonstrate how it can be exploited.
4. Realize one of the recent attacks on WEP (see WiFi info) or, better, on EAP/LEAP.
1. Extend the kstat kernel integrity tool: add checks for selected dispatch tables such as virtual filesystem tables.
2. Extend the kmemseek tool (ask me for the prototype code) that helps to detect hidden processes on Linux by finding and interpreting memory regions that look like process table entries for a running process (struct task_struct).
3. Analyze a modern kernel rootkit (look for published ones on packetstormsecurity.nl or elsewhere).
Alternatively, you can analyze a Windows kernel rootkit.
1. Hack the Linux dynamic linker ld-linux.so to log information and perform ad-hoc checks when libraries are loaded and functions are dynamically linked. You can start with a provided prototype.
2. Write a tool that would add a given executable payload to an ELF binary and modify the binary headers appropriately so that it retains its intended functionality. The code's activation method is up to you -- you can have it run before the executable starts or interpose itself into a standard library function call. Such code could be used in an ELF virus or as a framework for inserting trapdoors to catch intruders.
1. Implement a covert channel that piggy-backs on a standard protocol. Design a reasonable authentication method for it.
2. Investigate a cheap commodity firewall (I will provide one or two) for statefulness, fragmentation handling, and resistance to insertion/deletion attacks.
1. Find and fix a vulnerability in an open source program. Crashing the process with crafted input or causing a DoS condition for server-type software will be sufficient; exploiting it to inject and run your own code will be even better.
2. Write a tool to assist in finding signed/unsigned comparison vulnerabilities either in C or in binary code. "Exploiting Software" by Viega and Hoglund suggests an approach to this task: look for cases when a memory location participates in both signed and unsigned comparisons. The use of a disassembler tool or library will be required here.
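A minimal form of the binary-code variant of that heuristic, as an added example rather than code from the course or the book: it scans a constructed Intel-syntax x86 listing, classifies each cmp by whether the conditional jump that follows it is a signed or an unsigned jump, and reports operands that are compared both ways. It assumes the jcc directly follows its cmp; a real tool would take the listing from a disassembler library and track values as they move between registers and memory.

```python
import re

# Conditional jumps keyed by the signedness of the comparison they consume.
JCC_SIGNEDNESS = {m: "signed" for m in ("jl", "jnge", "jge", "jnl", "jle", "jng", "jg", "jnle")}
JCC_SIGNEDNESS.update({m: "unsigned" for m in ("jb", "jnae", "jc", "jae", "jnb", "jnc", "jbe", "jna", "ja", "jnbe")})

# Constructed Intel-syntax x86 listing: len is bounds-checked with a signed compare,
# then consumed by an unsigned compare, so a negative len passes the check.
SAMPLE_LISTING = """
    mov  eax, [ebp+0x8]     ; eax = len from caller
    cmp  eax, 0x100
    jg   reject             ; signed check: negative len is not rejected
    cmp  ecx, 0x20
    ja   other              ; ecx is only ever compared unsigned
    cmp  eax, edx
    jb   copy_loop          ; unsigned use of the same len
reject:
    ret
"""

def parse_listing(listing):
    """Return (mnemonic, [operands]) tuples, dropping comments, blanks and labels."""
    insns = []
    for raw in listing.lower().splitlines():
        line = raw.split(";", 1)[0].strip()
        if not line or line.endswith(":"):
            continue
        mnem, ops = (re.split(r"\s+", line, maxsplit=1) + [""])[:2]
        insns.append((mnem, [o.strip() for o in ops.split(",")] if ops else []))
    return insns

def find_mixed_sign_operands(listing):
    """Map each cmp operand to the indices of cmp instructions whose following jump
    was signed / unsigned; keep only operands that were compared both ways."""
    insns, uses = parse_listing(listing), {}
    for i, (mnem, operands) in enumerate(insns[:-1]):
        kind = JCC_SIGNEDNESS.get(insns[i + 1][0])   # assumes the jcc directly follows its cmp
        if mnem != "cmp" or kind is None:
            continue
        for op in operands:
            if re.fullmatch(r"-?(0x[0-9a-f]+|\d+)", op):  # immediates carry no signedness
                continue
            uses.setdefault(op, {"signed": [], "unsigned": []})[kind].append(i)
    return {op: u for op, u in uses.items() if u["signed"] and u["unsigned"]}
```

On the sample, only eax is flagged: the signed bound check at instruction 1 and the unsigned compare at instruction 5, which is exactly the pattern that lets a negative length through.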
1. Construct a wireless MITM attack on an existing application. It is important not to interfere with people's use of the network; in particular, experiments in Sudikoff should be limited to channel 11.
2. Construct a fake portal that would capture user credentials and then hand them off to the real portal.