Mihir Bellare, UCSD1

CSE 191: Beyond Courses

Mihir BellareUCSD

Research, Projects and Philosophy of Life

Mihir Bellare, UCSD2

Discussions with instructor prior to proposal and report are encouraged!

Item Due

Proposal April 19, electronically

In class presentation June 8

Written project report & meeting June 8—14

Project • Should be related to cryptography and security.• Theory, implementation or both.• Individual or in teams of size at most 2.

Intent is to allow you to take the lead, explore, get exposure to research.

Mihir Bellare, UCSD3

Project Proposal

Think of as a proposal to the NSF.What you plan to do.

Intellectual merit: new ideas, why this is interesting.Broader impact: why it matters, how it makes the world better.

Expected deliverables.

One page typeset (latex encouraged!) document.

It’s ok if you deviate from the proposal in your project.You may change things.You may scale the scope up or down.

Mihir Bellare, UCSD4

Written Report

Typeset (latex encouraged!) document

Quality of exposition in the report is an important criteria for grade.

Clear, concise, convincing.Explain motivations, methodology, findings, prior work, conclusions.Use correct mathematical language.Make it accessible.Show critical judgement. Sell your ideas!Think of as a conference submission.

Mihir Bellare, UCSD5

Teams

Not all partners are as bad as Calvin …Consider working with a partner.Expectations for team projects are somewhat higher.But you can benefit by combining expertise.

Mihir Bellare, UCSD6

Process

I meet individually with each team.Usually this is done during class time.

Alternatively (and if we have too many teams) I can arrange meetings in my office, different days and times. May be more convenient for everyone.

Mihir Bellare, UCSD7

Your project should beFun for you

Interesting for othersValuable, Sellable, Doable

Find something you would like to doConvince instructor it is worth doing

Try to figure out what instructor wantsHate it, try to do it anyway

NO YES

Think of purpose of project as being to

LearnUnderstand

Think of purpose of project as being to

CreateCritiqueInform

DoSurprise

Make the world a better place

Mihir Bellare, UCSD8

Project directionsApps

Gmail encryption pluginFacebook encryption plugin

On-line casinoCommitment app

Google drive encryption

AttacksTLS, Logjam

WEPImplement, test

EducationalVideos, tools

Interesting implementationsImplementing AES is boring …Instead, interesting primitives

Novel platformsTarget high performance

StandardsCAESAR competition

Password hashing competitionRFCs: 6955, 6979, …Formalize their goals

Analyze methods, give new ones

SystemsBitLocker, FileVault

iPhone or Android appsAndroid LVL obfuscation

OTR & secure messagingTLS 1.3

Pond

PrimitivesNew security notions

Relations between notionsSubversion

All things related to Snowden and FBI revelations.Figure out what is going on.Threats, attacks, defenses.

Mihir Bellare, UCSD9

Some (somewhat) more specific possibilities

Signing in adobe pdf

Apple vs. FBI

We draw our signature or insert an image of it. Can this be extracted from the pdf by an attacker to create a forged document?Study iOS security architecture document. Figure out issues. Specify goals and explore changes to the password mechanism that could reach them. https://www.apple.com/business/docs/iOS_Security_Guide.pdf

Secure messaging

Study secure messaging systems like whatsapp or OTR. What crypto do they use and how good is it? Implement your own, easy to use, secure text-messaging app. http://www.jbonneau.com/doc/UDBFPGS15-IEEESP-secure_messaging_sok.pdf

DES/AES with linear round functions

Find attacks on block ciphers like AES, DES in the case the round functions are simple functions like linear ones.

Better password-based authentication.

Sending password in clear over TLS is bad due to server compromises. There are better protocols. Specify and implement them.

Mihir Bellare, UCSD10

Some (somewhat) more specific possibilities

No more randomness

Number theory made easy

Attackers subvert the randomness used by encryption. Our group has developed nonce-based cryptography in response. Instantiate, implement, add to PGP.

Design and implement an educational aid for number theory in cryptography.

Constrained collision-resistance

Revisit the security of the MD transform underlying the SHA1 and SHA2 families of hash functions.

AES-GCM-SIVAnalyze the security of this authenticated encryption scheme now under consideration for standardization by cfrg. http://www.ietf.org/id/draft-gueron-gcmsiv-02.txt

Let’s Encrypt Analyze the security of this free, simple certificate issuing service. https://letsencrypt.org/

Mihir Bellare, UCSD11

Some (somewhat) more specific possibilities

ZRTPThis key exchange protocol is used in Silent Circle, an encrypted voice/video/text service. Study it and analyze its security. http://blog.cryptographyengineering.com/2012/11/lets-talk-about-zrtp.html

Deterministic PKEDevelop definitions, schemes and security proofs for message-recovery security of public-key dependent messages for D-PKE and related primitives.

Mihir Bellare, UCSD12

Educational tools

Improve and extend PlayCrypt

To explain and illustrate cryptographic concepts from CSE 107.

Animations and videos

This is the Python-based system for implementing cryptographic games used in CSE 107, started by Aviv Kiss.

Mihir Bellare, UCSD13

Learning?Getting good grades?Getting a good job?

Eventually making lots of money?Eventually being famous?

What is the purpose of education?

Another answer: The purpose of education is self discovery.

What do I really want to do with my life?What am I good at?

What am I not good at?How does what I do help?

Mihir Bellare, UCSD14

There is an established body of knowledgeExperts agree upon itYour job is to learn itYou learn the rules

You become an expert

COURSES RESEARCH, BEYOND COURSES

Question, challenge, critiqueEstablished knowledge can be flawed

CommunicateCreate

Mihir Bellare, UCSD15

Disciplines often start as revolutions. But over time, a discipline becomes NORMAL SCIENCE.

Students are assimilated into the culture.

The GREAT works are the Model Revolutions and Paradigm Changing ones. Assimilation into the culture moves you away from such work.

The disciplinary culture becomes a RELIGION.

Mihir Bellare, UCSD16

Be an ARTIST

Make your papers BEAUTIFUL, AESTHETIC, CREATIVE. They are how you express YOURSELF.

Mihir Bellare, UCSD17

Authenticity

Hear your inner voice. Express yourself.

It’s HARD!

So much pulls us away from that voice.

But authentic work and writing has a quality and impact that is tangible.

Mihir Bellare, UCSD18

Unlearning

It is easy to learn.The hard thing is to unlearn.

Daniel Boorstin

The biggest obstacle to discovery is not ignorance. It is the illusion of knowledge.