course: Master Project on Network and Data Security

number:
142241
teaching methods:
project
responsible person:
Prof. Dr. Jörg Schwenk
Lecturers:
Prof. Dr. Jörg Schwenk (ETIT), M. Sc. Robert Merget (ETIT)
language:
german
HWS:
3
CP:
3
offered in:
winter term and summer term

dates in winter term

  • kick-off meeting: according to agreement

dates in summer term

  • kick-off meeting: according to agreement

Exam

Form of exam:project
Registration for exam:None
continual assessment

goals

The students analyse the security of selected protocols and implementations (e.g. TLS, IPsec, JSON Web Crypto), or implement their own tools for specific security analyses (e.g. plugins for Burp Suite).

content

The practical course is an unguided reasearch practical course. It covers only one topic, which the students work on independently. Depending on the topic, you will be assigned the appropriate supervisor.

For clarification: It is not intended that they work through different topic blocks one after the other (as is the case with the basic internships), but they will deepen only one topic in the internship. Depending on the agreement with the supervisor, the work can be carried out during the semester (e.g. 3 hours a week), or summarised as a block (approx. 40 hours in total); depending on the availability of the supervisor, work can also be carried out during the semester break.

The list of topics only represents keywords; the detailed discussion and final definition of the topic takes place together with the respective subject supervisor.

A project task is worked on under guidance. Topics are questions of network and data security. Examples are the software implementation of XML-based protocols or TLS.

Translated with www.DeepL.com/Translator

requirements

keine

recommended knowledge

Grundlagen der Kryptographie, Datensicherheit und Netzsicherheit, Programmierkenntnisse (nachweisbar z.B. durch eine erfolgreiche Teilnahme am Praktikum Security Appliances)

miscellaneous

Die Themenvergabe für dieses Projekt erfolgt jederzeit nach individueller Absprache mit den Mitarbeitern des Lehrstuhls bzw. mit Herrn Merget.

Verfügbare Themen (beispielhaft):

Betreuer Thema
Rösler Instant Messaging / Group Communication in Instant Messaging (WhatsApp/Signal)
Merget Scanning for TLS BEAST mitigations
Merget Scanning for TLS Client Authentication
Merget Scanning for Missing GCM-Ghash Check
Merget Creating DockerImages for Old Browsers
Merget Writing a TLS-Client in Flash
Merget Integrating RAW Public Keys into TLS-Attacker (RFC 7250)
Merget Integrating GPG TLS Authentication into TLS-Attacker (RFC 6091)
Merget Integrating the new EllipticCurve Engine into TLS-Attacker
Merget Integrating Arbitrary Prime Curves into TLS-Attacker
Merget Implement TLS SessionTickets for TLS 1.2 into TLS-Attacker
Merget Using the AFL Fork-Server in Java
Merget Accessing Shared Memory from Java
Merget Integrating the Truncated HMAC-Extension into TLS-Attacker
Merget Integrate the NPN Extension into TLS-Attacker
Merget Integrate X448 and X25519 for TLS 1.2 into TLS-Attacker
Merget Integrate Named DH Groups into TLS-Attacker
Merget Integrate Fortezza into TLS-Attacker
Merget Integration Testing of SRP in TLS-Attacker
Merget Implementing Export Ciphersuites in TLS-Attacker
Merget Integrating ESNI into TLS-Attacker
Merget Scanning for unencrypted F5 BigIp Cookies
Merget Scanning for eTLS
Merget Scanning for TLS 1.3 0-RTT
Merget Scanning for weak Debian Keys
Merget Scanning for MTA-STS

Sie könen sich jederzeit per E-Mail an robert.merget@rub.de zum Praktikum anmelden. Geben Sie dazu Anrede, Vorname, Name, Matr.-Nr., Studiengang und Semester sowie das gewälte Thema an. Vor Ihrer Anmeldung sollten Sie sich zunächst mit einem Betreuer in Verbindung setzen, um die Verfügbarkeit des Themas, den Umfang und die Vorgehensweise abzusprechen.

Wenn Sie sich für ein Thema interessieren, fügen Sie Ihrer Anfrage eine kurze Beschreibung Ihrer Kenntnisse bei (Programmiererfahrung, Betriebssystemkenntnisse, etc.), die Ihrer Meinung nach für eine erfolgreiche Bearbeitung des Themas hilfreich sind.