home

SNE Master Research Projects 2009 - 2010

SNE group http://uva.nl/
2004-2005 2005-2006 2006-2007 2007-2008 2008-2009 2009-2010 2010-2011 2011-2012 2012-2013 2013-2014 2014-2015 2014-2015 2015-2016 2016-2017
Contact TimeLine Projects LeftOver Projects Presentations-rp1 Presentations-rp2 Objective Process Tips Project Proposal


Contact

Cees de Laat
tel: +31205257590
room: C.3.152
Course Codes:

Research Project 1 MSNRP1-6 53841REP6Y
Networking Research Project 2 MSN2NRP6 53842NRP6Y
Forensics Research Project 2 MSN2FRP6 53842FRP6Y

Research Projects 1 and 2 (RP1 and RP2)

The course objective is to ensure that students become acquainted with problems from the field of practice through two short projects, which require the development of non-trivial methods, concepts and solutions. After this course, students should be able to:
  • Transform a roughly outlined problem into a carefully defined research question, supported by some level of reading up on the topic.
  • Establish a feasible project schedule for answering the question.
  • Conduct autonomous research to answer the question at hand, using literature searches, studying, experimentation and/or the development of software and hardware.
  • Present solutions to a diverse audience (experts as well as non-experts).
  • Defend solutions in debates.
  • Provide an appropriate report

TimeLine

RP1:
  • Wednesday Oct 8th 2009, 10h15: Introduction to the Research Projects.
  • Dec 16th 2009, 14h30: Detailed discussion on finally chosen subjects for RP1.
  • Monday Jan 4th - Friday jan 29th 2010: Research Project 1.
  • Wednesday Feb 3th 2010: Presentations RP1 in 645.C1.112 @ Science.
RP2:
  • Wednesday ... ..th 2010, 10h00: Detailed discussion on finally chosen subjects for RP2.
  • Monday May 31th - Friday Jun 25th (or Jul 2th) 2010: Research Project 2.
  • Wednesday Jun 30th: Presentations RP2 in  645.C0.110 @ Science.

Projects

Here is a list of student projects for Jan 2010 and/or June 2010. In a futile lightweight way to prevent spamming I replaced "@" by "=>" below.

(Find here the left over projects from this year.)
Color: yellow = currently chosen project. Light blue = project plan received. Light green = presentation and report received.
Light purple = confidentiality was requested.
# title
summary
supervisor contact

students
R
P
1
/
2
1

Self-adaptive Routing.

One of the basic underlying principles of Internet technology is the end-to-end principle. This principle leads to a model where the network is dumb and end-systems contain most of the intelligence for flow-control and traffic orchestration. If the convergence of voice, broadcasting and web and mail traffic continues, networks need to deliver better than best effort services. Therefore, the network has to make intelligent forwarding decisions for specific types of traffic.

In this project, the student is challenged to implement a use-case for better than best effort routing. For this purpose, we will explore how current routing protocols such as OSPF or BGP and current monitoring tools such as NetFlow can be exploited. The strategy is as follows. The student writes a program that uses monitoring tools to gain insight in traffic characteristics. Based on the traffic characteristics, the program implements a decision process, which controls adaptations of OSPF or BGP. This leads to an elementary control loop of observe, decide and act for self-adaptive routing.
Rudolf Strijkers <strijkers=>uva.nl>

Marvin Rambhadjan <marvin.rambhadjan=>os3.nl>
Arthur van Kleef <arthur.vankleef=>os3.nl>
R
-
P
2
2

Load simulation on [Open]Solaris systems.

To facilitate storage for students and employees of the UvA a combination of NFS/CIFS and ZFS is used. The storage server uses the Open Solaris OS, the clients are Linux Desktops. In this setup, performance issues have been identified. To identify/observe these performance bottlenecks various tools and methods are used. Identification of the issues can be done by observing current behavior and compare it to normal behavior. Normal behavior can be defined using load simulations in a test environment and creating is a base-line of ?normal system behavior?. Generating a correct base-line creates the need for a representative workload for the load simulations.

How can the performance bottlenecks be monitored and identified on an OpenSolaris OS NFS server. What are realistic load simulations and create a base-line?

Useful resources:
Jeroen Roodhart <j.r.roodhart=>uva.nl>

Alain van Hoof <alain.vanhoof=>os3.nl>
R
-
P
0
5

Evaluation of the Handle System to identify and retrieve digital objects.

The Handle System is a general purpose distributed information system to identify and retrieve digital objects. AMPAS - the Academy of Motion Picture Arts and Sciences - is a partner in the CineGrid.org community organisation, of which the UvA is founding member.  AMPAS suggested the interest in the applicability of the Handle System for the classification of its film archive. This research should focus on the pros and cons of the Handle System, list possible alternative and provide in case an implementation scenario for the AMPAS/CineGrid usecase. The results of this work would be a recommendations list to be presented to AMPAS.

For more information see:
Paola Grosso <p.grosso=>uva.nl>
Andy Maltz <amaltz=>oscars.org>

Taarik Hassanmahomed <Taarik.Hassanmahomed=>os3.nl>
R
-
P
2
7

Modern Age Burglars.

Until recently alarm systems where connected mostly through the public telephone network to their control room. This set up changed because of the wide availability of Internet and VoIP. A lot of Dutch ISPs provide Internet packages containing an Internet connection and VoIP. This combination is much cheaper then having the telephone line separated from the Internet connection. This is the main reason users decide to switch to VoIP and unsubscribe from their sep- arate telephone connection. To communicate between the alarm system and the control room over the internet a transceiver is needed. This device emulates the telephone signal from the alarm system over the internet to the control room. The transceiver is plugged into the alarm system and connected to a switch or router in the local network.

Compared with the old telephone network which is point to point and not easy accessible, the internet is easier accessible by everyone. The protocols that are used on the internet where not developed with security as primary concern. Over 20 years of the internet it?s clear that security in the different layers of protocols are important.

Is it possible to perform a burglary without getting noticed by influencing the communication between the alarm system and the control room?
Christiaan J. Roselaar <c.roselaar=>itsec.nl>

Kevin de Kok <kevin.dekok=>os3.nl>
Jeroen Klaver <jeroen.klaver=>os3.nl>
R
-
P
1
13

Bright Cluster Manager inc. Fail-over Research.

A cluster consist usually of a master node (at least from the end user point of view) and multiple slave nodes. The master nodes functions as a single point of communication for the end user. Thereby it is also a communication point for the slave nodes as well. In this situation the master node is a single point of failure. When the master node is not working correctly, the whole cluster is not unusable. To prevent this single point of failure, master nodes are usually replicated by means of secondary master nodes. When the primary master node fails, one of the secondary master nodes can take over so the cluster is still usable. This mechanism is referred as failover. There are a lot of things to keep in mind to prevent data corruption and to provide a continuous service for the end users. For example a well known problem that can occur is a "split-brain". This means having duplicate instances of services running (two master nodes for example) which may cause data corruption on the shared storage.

Bright Cluster Manager (formerly known as ClustervisionOS) is cluster management software which has implemented several mechanisms to prevent situations like the split-brain problem. There is no extensible research done on testing these mechanisms. Clustervision knows for a fact the mechanism works, but can they fail or be improved? The research project consists of evaluating the failover mechanism implemented in the Bright Cluster Manager. Some questions we have to answer:
  1. Is it possible to break the failover mechanism?
  2. Is it possible to improve the failover mechanism?
  3. How does the failover mechanism compare to other solutions ?
For our research we will create a virtual cluster on which we will do our practical research. This cluster will run multiple master nodes and multiple slave nodes. We can achieve this in the SNE lab but we also have the opportunity to use hardware at Clustervision to create a more 'real' environment. Website: http://www.clustervision.nl
Martijn de Vries <martijn=>clustervision.com>

Cosmin Dumitru <cosmin.dumitru=>os3.nl>
Niek Timmers <niek.timmers=>os3.nl>
R
-
P
1
15

Horse-ID.

In the EU, all domestic equidae (horse animals) should have a passport that identifies them. As of 1 July 2009, it is also mandatory to implant an RFID tag in the neck of the animal, which corresponds to the passport document.
Reasons for the passport/RFID tagging are:
    * prevent/fight fraud in sports and trade
    * prevent/fight theft
    * keep record of health/ treatment by vets
    * record whether the horse is for human consumption --> when not, more kinds of medicine are allowed

As one of the main goals of the (electronic) identification is to prevent fraud, it is key that its security is adequate. Insecurity may even open up fraud scenario's that would not have been possible without the system of RFID tags and passports.
For more informations, please see: <http://www.pve.nl/wdocs/dbedrijfsnet/up1/ZggmrubIW_PVV9001_paardenpaspoort_LR.pdf>.
Jeroen van Beek <jeroen=>dexlab.nl>

Vic Ding <vic.ding=>os3.nl>
Laurens Bruinsma <laurens.bruinsma=>os3.nl>
R
-
P
1
16

DFRWS Forensics Challenge 2010.

The DFRWS 2010 Challenge primarily focuses on the development of tools and research techniques for analysing mobile phones. In particular the challenge provides the NOR and NAND flash memory of a Sony Ericsson K800i Cybershot. The challenge requires to analyse both memory files and recover any evidence like who was contacted, what messages were sent, pictures, videos, etc.

http://www.dfrws.org/2010/challenge/index.shtml
Hans Wim Tinholt <Tinholt.HansWim=>kpmg.nl>

Joeri Blokhuis <Joeri.Blokhuis=>os3.nl>
Axel Puppe <Axel.Puppe=>os3.nl>
R
-
P
2
18

Performance Measurement.

Performance monitoring seems currently more an art than a science. The network performance between two end hosts can be influenced and limited by a sheer number of parameters, including the capacities and badnwidth usage of individual links in the network, the memory buffer of routers and switches along the way, as well as the memory size, CPU power, bus speed, and hardware configuration of end hosts. Furthermore, runtime parameters such as number of parallel streams, protocols on the network and TCP window size greatly affect the achieved performance. Multiple tools exist today to measure the overall achieved performance. However, these tools sometimes report different measurements and hardly any tools exists to determine these individual parameters, which makes it hard to determine the cause of reduced network performance.

There are two questions to this problem:
  1. Is it possible to determine individual parameters that influence the performance, especially for the (local) host but also the (remote) network?
  2. Is it possible to determine the cause of reduced network performance given these parameters?
Freek Dijkstra <Freek.Dijkstra=>sara.nl>
Jeroen Vanderauwera <jeroen.vanderauwera=>os3.nl>
Alex Giurgiu <alex.giurgiu=>os3.nl>
R
-
P
2
19

Des-Plus encryption on IP over the powernet: HomePlug Security.

This project will revolve around the security of homeplugs. These homeplugs are devices that connect network devices to each other across the powerlines. They can be a nice alternative if Wi-Fi is not powerful enough to penetrate thick walls or cover large distances. This powerline technology could also leak to uncontrolled areas (for example to neighbours), just like Wi-Fi which can also reach neighbours. While Wi-Fi is nearing a more mature stage, including the security of it, the homeplugs are still relatively young. For example the first homeplugs use 56-bit DES[1] encryption, this was considered outdated and insecure since 1998[2][3].

Because the homeplugs appear to be using weak cryptography we question the strength of the security measures, and this is exactly what is going to be investigated. The goal is to find flaws in these homeplugs that allow to eavesdrop on traffic meant to be private.
Christiaan J. Roselaar <c.roselaar=>itsec.nl>

Jeroen Vanderauwera <jeroen.vanderauwera=>os3.nl>
Axel Puppe <axel.puppe=>os3.nl>
R
-
P
1
29

Automatic Network Configuration in Clouds.

Cloud computing is gaining popularity with companies such as Amazon, Google and Microsoft, which already offer resources on demand. The cloud computing paradigm is built on virtualization of computing resources from physical devices. In general this means that virtual machines (VM) can be created and destroyed as requested. Automating virtual network connectivity between VMs is not yet addressed. The goal of this project is to investigate how automatic creation, configuration and teardown of virtual networks can be achieved using the Xen virtualization environment.
Rudolf Strijkers <strijkers=>uva.nl>
Paola Grosso <p.grosso=>uva.nl>

Alex Giurgiu <Alex.Giurgiu=>os3.nl>
R
-
P
1
30

SSD performance.

SARA recently bought six Solid State Drives (SSDs) in order to increase disk I/O for demanding applications. SSDs are more complex than traditional hard drives. They can read/write in 4K blocks, but can only erase blocks of 512K. Therefore SSDs have a sophisticated garbage collection system that constantly relocates disk blocks. TRIM is a new ATA command feature for SSDs that prevents excessive block movements.

In this project the I/O performance of SSDs will be investigated. A choice of several performance parameters needs to be chosen and these parameters need to be investigated. Possible parameters are:
  • The filesystem type (traditional versus ZFS).
  • Hardware versus software RAID versus JBOD (Just a Bunch Of Disks).
  • The effect of TRIM.
  • The performance degradation caused by fragmentation, etc.
Theoretical predictions should be compared with the experimental data.
Ronald van der Pol <Ronald.vanderPol=>rvdp.org>

Daan Muller <Daan.Muller=>os3.nl>
Sebastian Carlier <Sebastian.Carlier=>os3.nl>
R
-
P
1
31

SURFnet Cloud Computing Design.

SURFnet is the primary supplier of advanced networking to Colleges, Universities and Research Institutions. They wish to optimize their computing capacity, they hope to realize this with the use of cloud computing. With the rising interest in cloud computing, a lot of new techniques are being developed and SURFnet wishes advice which technique best fits their needs. Computing overcapacity could be shared between SURFnet and educational institutions or network equipment could be shut down to save energy. Within this project we will research the best available options. SURFnet always searches for new techniques to improve their overall systems, if these are a great success they advice this to their institutions (like NREN), In the hope for better co ?operation like possible with cloud computing.

Which cloud computing platform meets the requirements best, set by SURFnet, to share resources between them and their institutions?
Rogier Spoor <Rogier.Spoor=>SURFnet.nl>

Arthur Schutijser <arthur.schutijser=>os3.nl>
Marvin Rambhadjan <marvin.rambhadjan=>os3.nl>
R
-
P
1
32

Distributed file system on the SURFnet network.

Ten behoeve van de toekomstige SURFnet cloud moet er voor de applicaties die binnen de cloud draaien voldoende storage beschikbaar zijn. Traditionele ICT-omgevingen maken gebruik van dure SAN/NAS storage voor hun opslag. Dit type storage biedt een zeer goede performance en is bijzonder geschikt voor gebruik door databases of VM-images. Echter voor diverse andere toepassingen is een SAN/NAS storage omgeving veel te prijzig. Daarnaast schalen de traditionele SAN/NAS omgevingen slecht.

Opdracht: Ontwerp een nieuw storage systeem dat het mogelijk maakt om een single "mountpoint" storage aan te bieden waarin het vervolgens mogelijk is om data tussen zogenaamd storage tiers dynamische te verplaatsen. Bijvoorbeeld als een specifieke file veel geraadpleegt wordt dan moet deze file op een solid-state disk gehost worden echter als deze file nauwelijks geraadpleegt wordt moet deze naar een SATA-disk environment verplaatst worden. Er zijn inmiddels commerciele oplossingen die deze functionaliteit bieden binnen hun hardware domein. SURFnet is op zoek naar een oplossing die tussen verschillende hardware domeinen werkt.
Rogier Spoor <Rogier.Spoor=>SURFnet.nl>

Jeroen Klaver <jeroen.klaver=>os3.nl>
Roel van der Jagt <Roel.vanderJagt=>os3.nl>
R
-
P
2
34

GPU-based password cracking.

KPMG gives to their clients as part of their advise also a recommendation on password length. With GPU-based password cracking on the horizon this advice may have to change. GPU-based password cracking is probably several times faster than CPU based cracking. So passwords can be faster compromised. KPMG?s central question is: ?what should we advise our clients regarding password length and complexity now that GPU-based password cracking has become a reality??
  1. What are the theoretical differences between a CPU and GPU?
  2. What tools are available for GPU based cracking?
  3. What is the actual performance gain of GPU versus CPU-based cracking?
  4. What is the recommended password length for clients of KPMG?
  5. What is the recommended cracking strategy for KPMG?
Marc Smeets <Smeets.Marc=>kpmg.nl>

Roel van der Jagt <roel.vanderjagt=>os3.nl>
Marcus Bakker <marcus.bakker=>os3.nl>
R
-
P
1
36

On Demand Grid on Cloud.

Researchers that develop new and potentially disruptive technologies for Grid computing often do not get the required access privileges to Grids in order to test and deploy their work. Here, we investigate bootstrapping of an on-demand experimental Grid platform on the Amazon EC2 Cloud that provides researchers unlimited access. The Amazon EC 2 cloud supports programmatic control to create manage a large number of nodes. How can we use the Cloud to provide an on-demand experimental Grid platform of hundreds of nodes? The goal is to have a workable bootstrapping process to run our experiments.
Rudolf Strijkers <strijkers=>uva.nl>
Paola Grosso <p.grosso=>uva.nl>

Willem Toorop <willem.toorop=>os3.nl>
Alain van Hoof <alain.vanhoof=>os3.nl>
R
-
P
2
38

Secure services on TomTom PND's.

TomTom earn revenue from after market sales of additional maps and services. To secure that revenue TT have implemented a new security model in their ARM 11 platforms. From power on / reset the microprocessor executes code from a ROM physically located in the CPU package. The ROM code is the root of a Chain of Trust (CoT) that verifies the integrity of each step in the boot process before passing control of the CPU to it. The CoT extends from the boot ROM to the RootFS 

In this project, the student is challenged to find weaknesses in the TomTom implementation and potential exploits that could allow the execution of abitrary code. Access to hardware, source codes and build tools will be provided by TomTom.

The outcome of the project should be a detailed analysis of the TomTom implentation highlighting potential exploits & recommendations to enhance the exisiting implementation. The student should also survey modern CPUs and consider which are most suitable when implementing a CoT.
Jaap-Jan Boor <Jaap-Jan.Boor=>tomtom.com>

Cosmin Dumitru <cosmin.dumitru=>os3.nl>
Niek Timmers <niek.timmers=>os3.nl>
R
-
P
2
39

Detecting illegal use in TomTom PND's.

TomTom currently has a large installed base (millions) of users using the pre-ARM11, open platform, hardware. This current platform was not designed to be secure and provides relatively easy mechanisms to bypass the existing DRM system used to protect maps.

In this project the student is challenged to find and demonstrate gaps in the design *and* provide recommendations to improve it without having the ability to update key components like hardware.

TomTom will provide access to hardware, source code and build tools.
Jaap-Jan Boor <Jaap-Jan.Boor=>tomtom.com>
Karl Robinson <Karl.Robinson=>tomtom.com>

Daan Muller <daan.muller=>os3.nl>
Arthur Schutijser <arthur.schutijser=>os3.nl>
R
-
P
2
40

Mail client IPv6 interoperabillity problems.

The depletion of IPv4 is apparent and the transaction to IPv6 still lacks behind. When IANA and the various Regional Internet Registries (RIR?s) run out of IPv4 addresses and only delegation of IPv6 addresses is possible we could face connectivity problems if we do not look for any issues beforehand. E-mail based communication is still one of the most important techniques used in electronic communication. The different protocols that are involved in e-mail transport (SMTP, POP3 and IMAP) could give IPv6 interoperability problems if various implementation do not follow standards. This project will look if there are any pitfalls if one would introduce IPv6 on e-mail transport mechanisms.
The research question for this project is:
  • Can we pinpoint connectivity problems if we would deploy IPv6 on various e-mail agents at a large worldwide scale?
Freek Dijkstra <Freek.Dijkstra=>sara.nl>
Michiel Timmers <michiel.timmers=>os3.nl>
Sebastian Carlier <Sebastian.Carlier=>os3.nl>
R
-
P
2
41

HTTP session identification.

Two former OS3 students T. Kinkhorst and M. van Kleij did a research about detection of drive-by downloads [1]. This has developed the need to be able to identify HTTP sessions. An HTTP session can be defined as all the HTTP traffic that is generated from visiting one single webpage. Thus, not only the content of the main webpage, but also all content retrieved from other sources. For example, pictures and advertisements that are also part of the web-page.
This research project will look into methods on how to identify HTTP sessions and how to separate each HTTP session. The application for this research is not limited to the previous research mentioned above. Many other applications can benefit from the ability to identify HTTP sessions. This solution to identify HTTP sessions can for example be used to analyze HTTP traffic. Since HTTP is a stateless protocol it is hard to identify each session from each other.
Project goals:
  • Define a way to identify HTTP sessions
  • Develop a possible prototype.
References
[1] T. Kinkhorst and M. van Kleij. Busting the ghost on the web: real time de- tection of drive-by-infections, 2009. URL http://www.delaat.net/~cees/ sne-2008-2009/p46/report.pdf.
Bart Roos <roos=>fox-it.com>

Marcus Bakker <marcus.bakker=>os3.nl>
Kevin de Kok <kevin.dekok=>os3.nl>
R
-
P
2

Presentations-rp1

Wednesday feb 3th in room 645.C1.112 at Science Park 904 NL-1098XH Amsterdam. Program:
09h55 Cees de Laat Welcome, introduction. #
10h00 Vic Ding & Laurens Bruinsma Horse-ID 15
10h30 Cosmin Dumitru & Niek Timmers Bright Cluster Manager inc. Failover Research 13
11h00
*
Pauze
11h15 Niels Monen & Berry Hoekstra Security Virtual Infrastructure; Study possible security issues with a virtual infrastructure 28
11h45 Daan Muller & Sebastian Carlier SSD performance. 30
12h15 Alain van Hoof Load simulation on [Open]Solaris systems 2
12h35
*
Lunch
13h30 Arthur Schutijser & Marvin Rambhadjan SURFnet Cloud Computing Design 31
14h00 Roel van der Jagt & Marcus Bakker GPU-based password cracking 34
14h30 Alex Giurgiu Automatic Network Configuration in Clouds 29
14h50
*
Pauze
15h15 Kevin de Kok & Jeroen Klaver Modern Age Burglars 7
15h45 Jeroen van de Rauwera & Axel Puppe Des-Plus encryptie on IP over the powernet: HomePlug Security 19
16h15 Cees de Laat & OS3 team Evaluation
16h45
*
End

Presentations-rp2

I hereby would like to invite you to the annual RP2 presentations, where the SNE students will be presenting their research. Considering the wide variety of presentations the day promises to be very interesting, and we hope you will join us. At the end of the day there will be time for drinks and discussion.

Please register with delaat@uva.nl, and let us know with how many people you will be attending.
Wednesday June 30th, 2010 in room 645.C0.110 at Science Park 904  NL-1098 XH Amsterdam. Program:
9h55 Cees de Laat Welcome, introduction. # RP
10h00 Marcus Bakker, Kevin de Kok HTTP session identification 41 2
10h30 Marvin Rambhadjan, Arthur van Kleef Self-adaptive Routing 1 2
11h00
*
Pauze

11h15 Niels Monen, Berry Hoekstra Trustworthiness of Cyber Infrastructure for e-Science *) 10 1
11h45 Joeri Blokhuis, Axel Puppe DFRWS Forensics Challenge 2010 16 2
12h15 Jeroen Vanderauwera, Alex Giurgiu Performance measurement tools 18 2
12h45
*
Lunch

13h35 Taarik Hassanmahomed Evaluation of the Handle System to identify and retrieve digital objects. 5 2
14h00 Jeroen Klaver, Roel van der Jagt SURFnet storage Design 32 2
14h30 Willem Toorop, Alain van Hoof On Demand Grid on Cloud. 36 2
15h00
*
Pauze

15h20 Daan Muller, Arthur Schutijser Detecting illegal use in TomTom PND's. 39 2
15h50 Cosmin Dumitru, Niek Timmers Secure services on TomTom PND's. 38 2
16h20 Michiel Timmers, Sebastian Carlier Mail client IPv6 interoperabillity problems. 40 2
16h50 Cees de Laat Closing

17h00
*
Borrel in SNE lab


Links

Info on last years projects: