The network security group is always searching for top undergraduate and master's students. By doing your undergraduate or master's project in our group, you'll have the opportunity to influence the design of the SCION future Internet architecture. Projects vary in length and scope, but generally focus on theoretical and practical aspects of SCION or SCION-based systems including (but not limited to) the topics listed below. Please contact us at firstname.lastname@example.org to discuss thesis, project, and internship opportunities.
Securing IoT deployments with network-based defenses. The setting of this project is an IoT-enriched world, where devices may contain security vulnerabilities but cannot be easily patched. In this research direction, we study how we can provide security and privacy properties based on network-level defenses, despite potentially vulnerable or compromised IoT devices.
Design of path selection and path quality prediction algorithms. SCION allows clients to pick path segments to construct end-to-end paths. These paths are currently constructed based on simple metrics such as total path length or segment lifetime. This project will design algorithms to construct paths based on more sophisticated metrics (e.g., path cost, route diversity, latency). As SCION grows, the number of segments will grow, requiring highly efficient algorithms to quickly build paths.
DDoS defense with SIBRA. How would SIBRA's resource allocation be performed? How would an edge router perform flow admission control and resource allocation on a per-domain basis? How would a server make use of SIBRA to defend against a real-world DDoS attack? How could an email provider (e.g., ProtonMail) make use of SIBRA? In particular, study DDoS defense in heterogeneous environments with mixed SCION/SIBRA and legacy Internet clients.
Anonymous communication. Incremental deployment: how could a corporation leverage HORNET to hide its web searches from a web service even though that web service does not deploy HORNET? How could ISPs be incentivized to deploy it, given regulatory requirements for assisting law enforcement?
Accountable and Private Network Architecture (Taeho Lee). Accountability and privacy are conflicting properties that are both desirable in Internet architectures. We have proposed an architecture, APNA, that attempts to balance the two properties by enlisting ISPs as accountability agents and privacy brokers. As a design principle, we believe the network should only provide the basic building blocks to protect the identity of the host at the network layer and that protocols at higher layers (e.g., transport layer) should provide stronger privacy properties (e.g., resiliency against timing analysis). In this model, a user would choose an appropriate transport protocol based on his/her privacy requirements. The goal of the project is three-fold: 1) Extend the current Linux kernel implementation of APNA to implement a reliable transport protocol (e.g., TCP). 2) Analyze privacy requirements that users may have, and design privacy-preserving functionalities that can be added onto transport protocols; this also requires considering and evaluating the consequences of introducing the proposed privacy functionalities into existing transport protocols. 3) Implement the proposed transport protocols.
Network Pricing with SCION. Identify economic models for Internet Service Providers (ISPs) to deploy a pricing infrastructure. For example, ISPs could offer guaranteed-bandwidth paths with a higher cost than best-effort paths. How can prices be determined? How quickly is pricing information disseminated? How can we avoid oscillations or fluctuations of flows? This multi-faceted problem space offers many interesting practical and theoretical challenges.
Privacy-preserving DNS. Complementary to our anonymity and PKI projects, design and implement a SCION-based DNS system that is scalable, secure, efficient, and does not leak private information.
Quantum-crypto resilient secure routing. There has been renewed interest in constructing secure routing systems based on purely symmetric functions, to avoid using public-key cryptographic systems that would be vulnerable to quantum computers. Given the regularity of the beaconing process and the structure of the routing system, SCION would be quite amenable to such an approach. To prepare to work in this direction, you can take a look at the following papers: BIBA, HORS, SPV, and Efficient Security Mechanisms for Routing Protocols.
Content-centric network architecture. Information-Centric Networking (ICN) or Content-Centric Networking (CCN) architectures optimize the fetching of content objects. Since the majority of traffic on the current Internet is due to downloading of videos, an ICN/CCN architecture would reduce the total network overhead by serving frequently accessed objects from local caches. An interesting research challenge is to study how such an architecture can be efficiently implemented in a future Internet architecture. Content integrity and access privacy are two additional interesting security challenges in this context.
Lukas Widmer. High-speed continuous Bloom filter. Bachelor's thesis, October 2015. Advisors: Chen Chen and Dr. Adrian Perrig.
Michael Kurth. Fast mixing strategy at the network layer. Bachelor's thesis, September 2015. Advisors: Chen Chen and Dr. Adrian Perrig.
Dominik Roos. Implementation of Per-Flow Stateless Monitoring in Future Internet Architectures. Bachelor's thesis, September 2015. Advisors: Cristina Basescu, Yao Zhang, Dr. Pawel Szalachowski, and Dr. Adrian Perrig.
Lukas Limacher. Source meta-information authentication along adaptive network paths for policy enforcement. Master's thesis, August 2015. Advisors: Cristina Basescu and Dr. Adrian Perrig in collaboration with Open Systems AG.
Anton Ovchinnikov. Future Internet Architecture Testbed Management System. Master's thesis, August 2015. Advisors: Dr. Jean-Yves Le Boudec (EPFL), Dr. Pawel Szalachowski, and Dr. Adrian Perrig.
Pragnya Alatur. Implementation of a Stateless SDN Data Plane. Bachelor's thesis, August 2015. Advisors: Tae-Ho Lee, Christos Pappas, and Dr. Adrian Perrig.
Samuel Steffen. A Secure PKI Environment for Private Key Storage. Bachelor's thesis, July 2015. Advisors: Stephanos Matsumoto and Dr. Adrian Perrig.
Daniele E. Asoni. Secure High-Speed Anonymity Systems on Future Internet Architectures. Master's thesis, May 2015. Advisors: Dr. David Barrera and Dr. Adrian Perrig. Awarded the 2015 Information Security Society of Switzerland (ISSS) Excellence Award!
Lionel Bruchez. Highly Available and Reliable Name and Path Lookups in Future Internet Architectures. Master's thesis, April 2015. Advisors: Dr. David Barrera and Dr. Adrian Perrig.
Laurent Chuat. Efficient and Secure Gossip Protocols Based on Network Traffic. Master's thesis, October 2014. Advisors: Dr. Pawel Szalachowski and Dr. Adrian Perrig.
Lin Chen. Accountable Key Infrastructure - Implementation. Master's thesis, June 2014. Advisors: Dr. Jean-Pierre Hubaux (EPFL), Dr. Pawel Szalachowski, and Dr. Adrian Perrig.
Lorenzo Baesso. Prototype of the Accountable Key Infrastructure. Master's thesis, May 2014. Advisors: Dr. Pawel Szalachowski and Dr. Adrian Perrig. Awarded the 2014 Information Security Society of Switzerland (ISSS) Excellence Award!