Introduction to Security

The Final Project

Overview

We have covered a plethora of security topics in this class. For the final project in the class, you will delve into a current security issue of your choice.

Outcomes

My hope of this final project is that you will:

Specialize in a current security issue of your choice
Gain hands-on experience in the field
Demonstrate technical knowledge
Communicate clearly to a community
Practice writing

History

There is a very rich history of past projects in this class including:

Network Anonymity Through "MAC Swapping" by Andrew Sayler (spring 2011); published in autumn 2011 issue of 2600: The Hacker Quarterly
Getting Harder to Catch: Analyzing the Evolution of China's Cyber Espionage Campaigns against the United States through a Case Study of APT1 by Winnona DeSombre (fall 2016); published in Volume 19, Spring 2017 Issue of Sigma Iota Rho's Journal of International Relations (SIR is the Honors Society for International Studies)
Blast Accusations for Cybersecurity Intel by Adam Kercheval (spring 2018); published in spring 2019 issue of 2600: The Hacker Quarterly
In-Browser Cryptojacking: An Old Threat in a New Guise by Pulkit Jain (spring 2018); published in spring 2019 issue of 2600: The Hacker Quarterly
Beyond the Breach: An In-Depth Look into the Cyberinsurance Industry by Shaikat Islam (fall 2019); to be published in upcoming issue of 2600: The Hacker Quarterly

An archive of past final projects is available at http://www.cs.tufts.edu/comp/116/archive/.

Instructions

For this final project, you must:

Provide a detailed outline
Write a paper, 6 pages maximum
Provide your own supporting material that complements your paper

The Outline

An outline is an important part of a CFP (Call For Papers) submission to a major conference, and it will make or break submission. A good read on how to make your CFP and your outline stand out: https://www.defcon.org/html/links/dc-speakerscorner.html#nikita-cfp.

The Paper

The following are the guidelines for the paper:

Required sections of paper, in the following order:
- Abstract
- Introduction
- To the Community - Why did you choose this topic? Why is this important to know? This section must be immediately after the Introduction.
- Background information, details, drum roll, etc...
- One of the following before the concluding paragraph:
  - Action Items - In your own words, what do people need to do about the subject matter?
  - Defenses - Recommended if you work is attack-oriented. In your own words, how do you defend against the subject matter?
  - Applications - Recommended if your work is more theoretical. In your own words, how can you apply your subject matter to the real world?
- Conclusion or Summary
- References - You must use at least five (5) high-quality references.

The Supporting Material

Along with your paper, you must produce a supporting material for your paper. Options:

Source code. This can be a demo, an exploit, a new security tool, an extension to an existing security tool or product, a script, a proof-of-concept, or an analysis of the source code. You can use any programming language and there is no requirement for lines-of-code that you have to write. Any source code that you write must be made public on GitHub
A video. Must be at least five (5) minutes long.
A conference presentation slide deck in PDF format on your work and findings. Imagine you are giving a 45-minute talk at a major security conference.

IMPORTANT: This supporting material must be made publicly available.

Ideas

Electronic voting
Ransomware
Analyzing life safety and medical devices
Software Defined Radio (SDR)
Reverse engineering an Internet of Things (IoT) thing
Any collaborative cyber effort with government (all levels), International Relations
A better understanding of attribution and deterrence
See https://www.defcon.org/html/defcon-22/dc-22-cfp.html
See https://www.defcon.org/html/defcon-23/dc-23-cfp.html
See https://www.defcon.org/html/defcon-24/dc-24-cfp.html
See https://www.defcon.org/html/defcon-25/dc-25-cfp.html
See https://www.defcon.org/html/defcon-26/dc-26-cfp.html
See https://www.defcon.org/html/defcon-27/dc-27-cfp.html
See https://www.wallofsheep.com/pages/call-for-presentations-at-def-con-26
Some junk hacking

Unacceptable Ideas

Some junk hacking
Modding a video game console
Anything pertaining to glitches
Securing WordPress
Any general and broad paper on Bluetooth vulnerabilities
Any general and broad paper on ransomware
Any general and broad paper on the insecurities of the Internet of Things (IoT)
A paper pertaining to cryptocurrency
A paper on the blockchain and how it will change the world

Assessment and Rubric

Your final project will be graded on the following:

Paper (75%)
1. Abstract (5%; see below)
2. Outline (5%; see below)
3. Content and structure
4. Language
5. References
6. Knowledge and wisdom
7. Community service
8. State-of-the-art
Supporting Material (25%)

See http://www.giac.org/media/certifications/gold/gold_rubric.pdf for the rubric I will use for grading the paper

Deliverables

Abstract (Due on Sunday, March 14th at 11:59 PM PDT). Your abstract shall not exceed 250 words. In-line submission on Canvas only. Token and grace period does not apply for final project deliverables.
Detailed outline of your paper, including title and some references (Due on Sunday, April 11th at 11:59 PM PDT). You must also provide an idea for your supporting material. Only PDF, TXT, DOC, or DOCX will be accepted. Token and grace period does not apply for final project deliverables.
Your entire final project (Absolute Deadline on Wednesday, May 5th at 11:59 PM PDT). No submission will be accepted after 11:59 PM and you will receive a 0 for the final project!

Bonus

Should your final project is published to a Cyber Security or tech magazine or journal, or is accepted to a major security conference including HOPE in July (bi-annual), DEF CON, BSides, USENIX Security, DerbyCon, O'Reilly Security, etc., I reserve the right to change your final grade.