Student Projects

On this page you can find our offering of semester projects. Students who are interested in doing a project are encouraged to have a look at the Thesis & Project Guidelines from the MLO lab, where you will gain an understanding of what can be expected from us and what we expect from students.

Available MSc, BSc and PhD Semester Projects

Last Update 17th May 2019

Project 1

Counteracting deepfakes

Recent advances in deep learning-based style transfer enable the creation of realistic “deepfakes”: often believable fake images or videos. This is already used for disinformation and harassment campaigns targeted at journalists and activists in developing countries.

In this project we use techniques from adversarial machine learning to create defenses against one popular open-source tool for creating deepfakes. The students are expected to have familiarity with TensorFlow and adversarial examples.

Requirements

  • Good knowledge of deep learning: backpropagation, stochastic gradient descent
  • Experience with implementing machine learning models
  • Familiarity with image adversarial examples
  • Knowledge of one of the existing machine learning frameworks: PyTorch, TensorFlow, Keras; cleverhans

Applying to this project

This semester project is aimed at one MSc/PhD student. To apply, please send your grades and CV to Bogdan Kulynych.

Project 2

Adversarial machine learning for privacy

Machine learning techniques have become widely used in privacy-invasive applications, like website traffic fingerprinting, facilitation of video and audio surveillance, and inference of private attributes from seemingly non-sensitive information (e.g., Cambridge Analytica case).

In this project we investigate the potential of exploiting inherent deficiencies in machine learning models to protect private information. The students will use techniques from adversarial machine learning to interfere with the operation of image recognition models or text classifiers.

Requirements

  • Good knowledge of deep learning: backpropagation, stochastic gradient descent
  • Experience with implementing machine learning models
  • Familiarity with adversarial examples is welcome
  • Knowledge of one of the existing machine learning frameworks: PyTorch, TensorFlow, Keras; cleverhans

Applying to this project

This semester project is aimed at one BSc/MSc/PhD student. To apply, please send your grades and CV to Bogdan Kulynych and Giovanni Cherubin.

Project 3

Efficient blacklisting of anonymous users

Anonymous credentials allow users to authenticate to service providers without identifying themselves. For example, Wikipedia editors could use an anonymous credential to prove to Wikipedia that they are legitimate editors, without revealing their identity. In this way, editors can anonymously edit sensitive documents.

Malicious users, however, can abuse this anonymity for other nefarious purposes. For example, a malicious user could deface Wikipedia pages, while hiding behind the strong anonymity provided by the anonymous credentials.

To solve this conundrum, researchers have developed a construction called blacklistable anonymous credentials. Users of blacklistable anonymous credentials are always anonymous, but service providers can blacklist misbehaving users. For example, Wikipedia can blacklist misbehaving editors without ever needing to identify such users. The construction is very interesting. Unfortunately, it is also inefficient: too inefficient for, e.g., Wikipedia to use in practice.

Blacklistable anonymous credentials give very strong anonymity guarantees. In practice, we can weaken this guarantee without serious ill effects. In this project, we explore whether a weaker trust assumption allows us to make blacklisting faster and applicable to Wikipedia. We will adapt the existing protocols, implement them, and set up an experiment to validate the increase in efficiency.

References: Patrick P. Tsang, Man Ho Au, Apu Kapadia, Sean W. Smith: BLAC: Revoking Repeatedly Misbehaving Anonymous Users without Relying on TTPs. ACM Trans. Inf. Syst. Secur. 13(4): 39:1-39:33 (2010)

Requirements

  • Some cryptography background (experience with cryptographic libraries and cryptographic implementations is a plus)
  • Good programming skills (e.g., Python and JavaScript).

Applying to this project

This semester project is aimed at one BSc/MSc(/PhD) student. To apply, please send your grades and CV to Wouter Lueks and Kasra EdalatNejad.

Project 4

Fighting traffic correlation on the Tor network

The anonymous communication network Tor [1] has been designed to support internet browsing at a low bandwidth overhead. However, this design choice comes at a price: Tor is vulnerable to end-to-end traffic correlation. Tor assumes that doing an end-to-end correlation attack is difficult, because it is costly to observe both traffic going into the Tor network and traffic coming out of it. However, that is not always true, for example when communicating parties reside within the same country or network. This occurs quite often. In messaging and electronic voting, both parties are typically in the same country or on the same network.

However, messaging and electronic voting do not require high throughput. By focussing on these specific scenarios, we can design anti-traffic-correlation techniques that have low bandwidth overhead. In this project we will investigate one potential technique that sends constant-rate cover traffic to/from the Tor network. This cover traffic then hides the real communication patterns.

This project has two aspects: (1) design a cover traffic mechanism that has low overhead, yet is difficult to circumvent for attackers; and (2) extend the Tor software to implement this mechanism.

References: [1] Roger Dingledine, Nick Mathewson, Paul F. Syverson: Tor: The Second-Generation Onion Router. USENIX Security Symposium 2004: 303-320, https://svn.torproject.org/svn/projects/design-paper/tor-design.pdf

Requirements

  • Good software engineering skills (C essential)
  • Some experience with networks is a plus
  • Not scared of a large existing code base with imperfect documentation.

Applying to this project

This semester project is aimed at one BSc/MSc student. To apply please send your grades and CV to Wouter Lueks.

Project 5

Breaking the curse of multiple devices: handling many keys

Modern cryptographic protocols promise users the world: secure digital payments, end-to-end encryption for email and messaging, anonymous authentication, etc. However, for security these protocols rely on cryptographic keys. And these keys are stored on the users’ devices, because they are too long to remember.

Managing these keys is challenging. Users must guard the keys well to ensure security. At the same time, users nowadays have multiple devices, and they want to use these devices — and therefore their keys — interchangeably. The naive solution, duplicating the key to all devices, is not only cumbersome but also dangerous. Duplicating the key increases the attack surface: an attacker that compromises any of the user’s devices can steal and abuse the user’s key. The good thing about duplicating the key is that the user can always recover it as long as she retains one device.

Earlier we proposed Tandem, a mechanism that enables a user to split her cryptographic key between her single device and a central server. Since the full key is never on the user’s device, an attacker that compromises the device cannot steal the user’s key.

In this project we will adapt this mechanism to securely distribute the user’s key over multiple devices so that users can use their key from any of their devices and recover their keys as needed, while ensuring that attackers can never steal the key.

This project consists of two parts: (1) adapt Tandem to the multi-device setting, and (2) implement it to provide a secure and robust implementation of a cryptographic protocol such as signing Bitcoin transactions, decrypting email, or authenticating anonymously using attribute-based credentials.

References: Wouter Lueks, Brinda Hampiholi, Greg Alpár, Carmela Troncoso: Tandem: Securing Keys by Using a Central Server While Preserving Privacy. CoRR abs/1809.03390 (2018)

Requirements

  • Some cryptography background (experience with cryptographic libraries and cryptographic implementations is a plus)
  • Good programming skills (e.g., Python and JavaScript).

Applying to this project

This semester project is aimed at one MSc/PhD student. To apply please send your grades and CV to Wouter Lueks.

Project 6

Conformal Prediction for (In)Security

Conformal Prediction (CP) methods are Machine Learning methods that wrap standard Machine Learning models to produce predictions that have a guarantee on the errors they commit. More specifically, they output a set of possible predictions, which contains the correct prediction with a chosen probability. They have numerous applications in fields where a strong notion of confidence is needed (e.g., drug development, nuclear fusion centers).

The student will learn about CP, and explore its application to security and privacy contexts, such as traffic analysis and inference attacks. Depending on the student’s preference, this project can evolve into either a more practical or a more theoretical project.

Along the process, the student may optionally contribute to our CP tool, which is written in Rust.

Requirements

  • Good knowledge of common Machine Learning methods
  • Knowledge of basic statistics and probability theory
  • Good programming skills: Python (required), Rust (optional)
  • (Desirable) Basic understanding of Machine Learning-based attacks (e.g., traffic analysis or membership inference).

Applying to this project

This semester project is aimed at one MSc/PhD student. To apply please send your grades and CV to Giovanni Cherubin.

Project 7

Website Fingerprinting as a Service

Website Fingerprinting (WF) attacks allow an adversary to discover what web pages a victim is browsing, by only looking at the encrypted network traffic she produces. Previous work observed that WF attacks are possible particularly because of differences in the webpages’ objects (e.g., images, stylesheet files, …).

The student will explore the idea of a server that, upon request, measures the security of a website against Website Fingerprinting (WF as a service): the owner of a website hosted on the Tor network (.onion site) should be able to query this service, and be informed of how “fingerprintable” their website is.

Requirements

  • Excellent software engineering skills (Python and optionally Rust)
  • Experience with Machine Learning tools and libraries
  • Basic understanding of traffic analysis attacks

Applying to this project

This semester project is aimed at one MSc/PhD student. To apply please send your grades and CV to Giovanni Cherubin, Sandra Siby, and Bogdan Kulynych.

Project 8

Private information retrieval based privacy-preserving search

Privacy-friendly search engines such as DuckDuckGo do not track users, personalize search results, or store search queries. However, to answer a search query, the search engines must still see every query. For some users, such as journalists, search queries can be very sensitive. So sensitive, in fact, that journalists are not always willing to trust the search provider with their query.

In this project, we explore how a search engine can answer queries without learning anything about the query using private information retrieval (PIR).

Private information retrieval allows a client to retrieve a record from the server without revealing to the server which record the client accessed. One approach to building privacy-preserving search is to create an index and allow clients to retrieve the relevant results with PIR.

This project has two steps. First, you will study the PIR literature and explore its application to privacy-preserving search. Second, you will design a new scheme or customize an existing scheme for this problem. The second step can be tailored to fit the project level.

References: Eyal Kushilevitz, Rafail Ostrovsky: Replication is NOT Needed: SINGLE Database, Computationally-Private Information Retrieval. FOCS 1997: 364-373

Requirements

  • Good knowledge of cryptography

Applying to this project

This semester project is aimed at one MSc/PhD student. MSc students can choose this project as either a Master Thesis or a semester project. To apply, please send your grades and CV to Kasra EdalatNejad.

Project 9

Improving F-BLEAU

Black-box security techniques are methods for measuring the information leakage of a system without knowing its internals. They have applications in several security and privacy fields, such as side channels, traffic analysis, and location privacy.

F-BLEAU [1] is a very recent black-box security tool based on Machine Learning classification techniques, which exploits their optimality guarantees to obtain estimates.

In this project, the student will learn about F-BLEAU, extend its functionalities, and possibly apply it to new security or privacy problems. Ideally, the student should enjoy theoretical work; however, this project will also require practical evaluation.

[1] https://github.com/gchers/fbleau

Requirements

  • Good knowledge of Machine Learning (minimum: has attended a basic course)
  • Good programming skills: Python (required), Rust (optional)

Applying to this project

This semester project is aimed at one MSc/PhD student. MSc students can choose this project as either a Master Thesis or a semester project. To apply, please send your grades and CV to Giovanni Cherubin.

Project 10

Conformal Prediction library

Conformal Prediction (CP) methods are Machine Learning methods that wrap standard Machine Learning models to produce predictions that have a guarantee on the errors they commit. More specifically, they output a set of possible predictions, which contains the correct prediction with a chosen probability. They have numerous applications in fields where a strong notion of confidence is needed (e.g., drug development, nuclear fusion centers).

The goal of this project will be to improve an existing CP library, random-world [1], and extend it to the most recent CP techniques. The library is written in Rust.

[1] https://github.com/gchers/random-world

Requirements

  • Strong software development skills
  • Experience with Rust (preferable), or similar languages
  • Basic knowledge of Machine Learning methods

Applying to this project

This semester project is aimed at one MSc student. MSc students can choose this project as either a Master Thesis or a semester project. To apply, please send your grades and CV to Kasra EdalatNejad.