You must write one report and complete one risk analysis during this course.
Choose one of the suggested topics listed below. You may also suggest your own topic; any topic not on the list below requires approval from the course staff. The report must be written in Norwegian or English. A report should contain between 5 and 10 pages of text (not including the title page and abstract). Two students may collaborate on a report; in that case the report must contain 10 pages of text. Only reports in PDF format will be accepted.
The report must be turned in on time. If you fail to meet the deadline, you'll automatically fail the course.
- Pharming.
  - What is it?
  - Why is pharming so dangerous?
  - How can we protect against pharming?
- Cross-Site Request Forgery.
  - What is it?
  - Describe some CSRF attacks
  - How can we protect against CSRF?
- Give an overview of common web-based attacks.
  - Who publishes lists of common attacks?
  - Are these lists useful?
  - Is it enough to protect against the attacks on these lists?
- Identity theft.
  - What is it?
  - How can you protect yourself?
  - Do we need better authentication techniques?
- Introduction to (D)DoS.
  - What is (D)DoS?
  - Describe some common (D)DoS attacks
  - How can you defend against (D)DoS attacks?
- WiFi security.
  - Describe the problems with WEP
  - How does WPA alleviate these problems?
  - Describe WPA2 (802.11i)
- Password cracking.
  - Explain why passwords are vulnerable to cracking
  - How are rainbow tables used to crack password hashes?
  - Discuss methods for storing passwords on a server
- PKI architectures.
  - Give an overview of different architectures
  - When should the different architectures be used?
- Cryptographic modules.
  - What is a cryptographic module?
  - How are cryptographic modules used?
  - Why are some cryptographic modules vulnerable to attacks?
- Introduction to risk management.
  - Describe the steps in a risk management process
  - Illustrate the steps with a case study
  - Describe the main goal of risk management
- Security and usability.
  - Describe a development process for secure and usable applications
  - Why is it important to consider both security and usability from the start?
  - What can we learn from open-source collaborative techniques?
- Non-repudiation.
  - Describe (traditional) non-repudiation
  - Is non-repudiation really possible in practice?
  - Discuss practical alternatives to non-repudiation
Form a group of 3 to 5 members and choose one of the listed topics for risk analysis, or suggest another topic to be approved by the course staff. A group gets 25-40 minutes to present its analysis in class. The slides accompanying the presentation should be written in Norwegian or English. The slides must be handed in on time.
- A Cashless Society.
  - What are the consequences for electronic payment systems?
  - Will a society as a whole save money in the long run?
  - Will black markets be affected?
- Digital signatures and non-repudiation.
  - Is it possible to realize a digital signature service providing a high degree of non-repudiation?
  - How do we best ensure that all parties have the same degree of non-repudiation?
  - Can you give an example of an existing user-friendly non-repudiation service?
- Open wireless networks.
  - Is it too risky to deploy an open wireless network on a university campus?
  - What can we do to reduce the risks associated with an open network?
  - Is it a problem that non-university people access the network?
- Short-lived certificates.
  - What are the implications of not using a certificate revocation mechanism?
  - Should a PKI for mobile phones utilize short-lived certificates?
- E-voting over the Internet.
  - Should Norway use its new e-voting system for national governmental elections?
  - Is it really possible to build a secure Internet e-voting system?
  - What are the main disadvantages?
  - What are the main advantages?
- Robustness of national infrastructures.
  - What were the reasons national infrastructures went down in 2011?
  - Can we make infrastructures that avoid prolonged downtimes?
  - Do we need new alternatives to today's systems?
Last updated 16.10.12.