0368-3500-43 spring 2010


Submitted projects:


Elliptic Curve Cryptography

Rotem Zach, Oleg Zlydenko



Gaby Rubin, Idan Doitch, Lital Kopperberg, Shira Levy


Threshold Elliptic Curve Encryption

Ben Cohavi


Quick Crash Detection

Elad Moshe



Nitzan Miron


Wireless TPM Network Gateway

Tal Nordan, Moran Bar-Gat, Or Kaplan




Security, or guaranteeing the expected behavior in face of intended attacks, is an integral aspect of the design and use of modern information systems. The workshop will provide hands-on programming experience in different aspects of computer and communication security.

Main goals:

  • To introduce students to the challenges of writing security-conscious programs and implementing cryptographic protocols.
  • To lead students through an end-to-end software development cycle:
    • defining the project
    • researching for similar projects
    • learning required background (protocols, APIs, environment)
    • designing the methods of implementation
    • actual implementation
    • testing and debugging
    • adjusting project in response to feedback
    • wrapping up the project and presenting it to the world
  • To give students a better understanding of team-based development (as opposed to solo projects): distribution of tasks, source control and integration of code.
  • To learn something new while having fun

Note: The workshop projects will be interesting and "cool" but not easy!


General Information:


Instructor:  Ran Canetti

Assistant:  Ben Riva

Lecture hours: Tue 10-12, Kaplun 324

Prerequisite: Software 1.

There is no formal prerequisite requirement regarding cryptography or computer security, although some prior background knowledge and affinity will certainly help. Students will be expected to read and learn on their own any concepts and systems that are needed in order to carry out the project successfully.
Mailing List: XX


After two introductory lectures, the students will form teams of 1 to 6 students. Each team will choose a project of scope appropriate to its size (See list of projects below.) Project selection should be done as early as possible, but no later than the third meeting.

The first part of the work on the project is devoted to collecting, reading and understanding the background material. This includes understanding the goal, the relevant theoretical background, the tools to be employed, the programming environment. Very importantly, it also includes a literature search on potential similar software that's already available. At the end of this part, each group has to present its plan to the instructors. You will have to explain in detail the implementation design and show understanding of the internals of the project. Emphasis on implementation and specific project goals will be given by the instructors. You are strongly encouraged to have this presentation as soon as possible.

The main part of the work is devoted to implementing the plans made in the first part. You are expected to test the code you wrote, analyze its performance and draw conclusions as to how it can be improved, what features can be added. Throughout the semester we will have three course meetings in which each group will describe its progress to class and will raise for discussion issues encountered while working on the project.

Submission will be done in three steps:

1. Pre-submission. Each group will have a personal meeting with Ran and Ben, presenting their project in action. Although this presentation is part of the grade, it is intended mostly for feedback.

2. Class presentation. On the last two weeks of the semester, each group will present its project to the class.

3. Final submission. Each group will have another personal meeting with Ran and Ben, presenting their project in action. Changes based on feedback from pre-submission and class presentation will be expected.


  • Present project plan and get an approval,
  • Participate in class discussions about your project and other projects,
  • Present the project and answer questions, following the guidelines in methodology section.


The grade will be the sum of two components: The project component and the understanding/participation component. The project grade will be based solely on the quality of the implementation and the demonstration, against the stated goals. This component will be the same for all the participants in the project. The understanding/participation grade is individual and will be based on the Ran and Ben's impression of your understanding of the material in individual meetings and in the project discussion in class meetings. Note that this component can be either positive or negative.

Code sharing policy

Some projects will be encouraged to share information and code; in other cases such sharing will be prohibited. Needless to say, any unauthorized copying or sharing of information will result in a grade penalty or possible disciplinary action. This includes unauthorized use of publicly available code (such as code provided on the Internet) for some of the tasks you are required to implement. When in doubt, ask.

Technical Details

  • In some of the projects you may choose between Windows(2000/XP/Vista), Mac OS or Linux as your OS of choice, but some should be OS-independent.
  • You may write the project in Java or C/C++. If you want to use another programming language, please contact Ran or Ben for approval.
  • Your submission package should be a zip file that includes
    • Source code (well documented), including makefile, etc
      • If possible, generate automatic documentation for your code (e.g., using Javadoc or Doxygen).
    • A readme file explaining how to build your project
    • Compiled executables
    • Design documentation (high level documentation)
    • User documentation
    • Presentation of the project (including previous work, protocol, implementation details, etc)
    • A web page for your project which will be added to this page!

Class tentative outline:

23.2, 2.3

Workshop goals, methodologies and requirements. Intro to security and cryptography

2.3, 9.3

Overview of suggested projects


Selection of projects


Presentations of work plans


Status reports

1.6, 8.6

Project presentation


Project submission

(class dates

23.2 2.3 9.3 16 23 13.4 27 4.5 11 25 1.6 8)


Suggested Projects:


Below is a tentative list of suggested projects. This list is subject to change. The description below is very terse. More details will be given in class. Projects may be added in the coming weeks. In addition, teams are welcome to propose their own security-related projects. These proposals will of course be subject to approval of the course staff.


Endpoint Risk Assessment/Awareness Tool (Advisor: Checkpoint, Leonid Belkind) (2 students)

The goal of the project is to create a lean tool that would run on the Workstation machines (targeted at various Microsoft Windows operating systems) and assesses the security risk the machine is under in a number of categories:

1.     By scanning the history of connected plug-n-play devices and displaying it, the tool will show a potential risk of copying proprietary data (intentionally or by mistake)

2.     By scanning the history of a Web Browser and passing the URLs through an external mechanism that’d classify them as (dangerous, distributing malware, allowing to upload files, allowing peer-to-peer communication, etc…), the tool would show a potential risk to the system caused by the end user’s actions

3.     By scanning the installed programs and identifying them as dangerous ones (Peer-to-Peer, Supporting File Transfer, etc…) the tool would show a potential data loss risk

4.     By scanning the send items folder of the email client (Support for the most common ones – Microsoft Outlook, Mozilla Thunderbird), the tool would identify the amount of emails (potentially with attachments) that were forwarded from the inside organization to the outside, or were sent to a mixed list of recipients, including both internal and external parties


The overall benefit of running such a tool and generating a report summarizing the abovementioned security risks (alongside potential more advanced ones) is raising the awareness of the end-users to different ways their system can be infected or their data can be exposed to unauthorized parties. Another feature would be to execute the tools from a centralized server in a way that all network assessments will be summarized in a meaningful way.

Quick Crash Detection (Advisors: Checkpoint, Yoav Nir and Yaron Sheffer) (2 students)

The IKEv2 key exchange protocol, defined in RFC 4306, is a reliable security protocol. But failures do happen, and should be detected both quickly and securely. The current protocol relies on rather long timeouts for an IKE peer to detect that the other peer has restarted, and re-initiate the protocol. What is needed is a way for a restarted IKE party to “convince” its peer that it has rebooted, to eliminate this long delay. And given the context of IKE, this must be secured – an attacker must NOT be able to do the same. The “Quick Crash Detection” protocol proposes to do just that. The protocol is defined in an Internet Draft, http://tools.ietf.org/html/draft-nir-ike-qcd-05. The team will implement this extension within an open source implementation (probably StrongSwan). Any issues discovered during the implementation will be reflected in the upcoming Internet standard!


Elliptic Curves cryptography (Advisor: Intel, Barukh Ziv) (2 students)

Cryptosystems based on Elliptic Curves are one of the latest developments in Public-Key Cryptography. Proposed a decade after RSA algorithm, they received increased commercial acceptance and were included in important security standards. Nowadays, they are among the most attractive candidates in new developments of cryptographic schemes both in hardware and software. Thanks to the unique properties of Elliptic Curves, the cryptosystems based on them achieve a desired security level with significantly smaller keys than the more conventional schemes (for instance,  a 160-bit elliptic curve key provides the same level of security as a 1024-bit RSA key). 

Implementing an efficient elliptic curve-based cryptosystem performing at security level proposed by acclaimed standards (i.e. 200-300-bit keys) is a non-trivial task. Generating a random elliptic curve with “cryptographically strong” properties is really challenging!


Students may choose from one of the following projects: 

Elliptic Curve Based Public-Key Cryptosystem: Design and implement a specific public-key cryptographic scheme (digital signature, encryption, or key establishment) based on elliptic curves. The steps in the project include learning the theory of elliptic curves (a fascinating subject in its own); efficient implementations of elliptic curve arithmetic; design and implementation of a cryptographic scheme itself.

Efficient Generation of Cryptographically Strong Elliptic Curves: Based on existing implementations of elliptic curve arithmetic, design and implement an efficient algorithm for random generation of elliptic curves with “cryptographically strong’ properties. The goal is to achieve a speed of at most several seconds for standard-level security (200-300 bits).


1.     Basic knowledge in modular arithmetic, and number theory (or willingness to learn)

2.     Excellent programming skills.

3.     Acquaintance with Public-key cryptosystems.

General secure multi-party computation protocol
(2-3 students)
Secure multi-party computation is a cryptographic paradigm that allows a set of mutually distrustful parties to perform some joint computation in a way that guarantees correctness of the outputs along with secrecy of local data (to the maximum possible extent). Our current ongoing project works on inputs of circuits, and assumes communication channels are in order. We want to improve those two weaknesses, specifically we want to implement:

1.     A compiler that takes a program written in C-like language and produces a matching circuit.

2.     A reliable broadcast channel or a semi-trusted public board

Binary Diffing Framework – “Diversus (4+ students)
A binary diffing is a way of finding the exact differences between 2 variants of the same executable. It is useful for analyzing patched executable for silently closed vulnerabilities (in order to extract signatures for AV, etc), or, to find similarities between malwares.

Why is it hard? different compiler flags, compiler optimizations, small change in code may produce much different binary, etc.

The framework consists of several sub-projects that depends on each other:

  1. (2 students) Asm2Ir – Disassemble binary (e.g. using IDA), analyze it and build intermediate representation of the code. Also, output textual files with all export/import tables and other important data sections.
  2. (1 student) Binary Instrumentation for Dynamic Analysis (BIDA) – use Intel's PIN framework (www.pintool.org) / DynamoRIO (dynamorio.org) / OllyDbg’s traces in order to
    1. record information about control flow
    2. record information about basic blocks flow
    3. chopping of relevant areas
    4. record specific data (e.g., socket data for some function) or dynamic function calls
    5. other interesting information..
  3. (2-4 students) "High level" algorithms
    1. binary diffing algorithms:
      1. find trivial “anchors” (date refs, symbols, external functions, etc)
      2. BitBlaze’s basic algorithms (without semantic analysis) - control graph matching, register reordering, etc
      3. use dynamic traces to improve diff (add more “anchors”)
      4. semantic analysis in order to reduce “false positives”
    2. trace diff – analyze the edit distance (diff) between two traces in order to different paths
  4. GUI (optional) - Graph visualization for our diff framework (e.g., using www.oreas.com or www.ogdf.net
  5. Data tainting (optional)

Search on encrypted database on the cloud (2 students)
When you store something on the cloud, you can’t assume that its privacy will be ensured. Hackers, malicious insiders or just lack of security measures can result in leakage of your most sensitive information. The goal of this project is to implement an encrypted database such that the client is capable of querying the database without exposing the decryption key to the cloud provider or anyone else. The idea is to implement the protocol over existing database (e.g. MySQL, Amazon SimpleDB). The solution should be based on previous works, including
http://www.eecs.harvard.edu/~michaelm/postscripts/acns2005.pdf and/or http://cs.ucla.edu/~rafail/PUBLIC/74.pdf.

Verifiable computation on clouds (2-3)
When you delegate your computation to some powerful server (e.g., Google, Amazon) you assume that the computation was executed properly. If the server has some interest to cheat (e.g., to save up resources) then you cannot catch him easily.
This project will implement an efficient protocol that uses 2 clouds in order to verify that their computations were done properly. The project will consist of a “record and replay” interpreter that will wrap the computation inside a controlled environment in a way that it will be verifiable. The computation could be any program of some easy to work with assembly.

Qilin project
(2 or more students)
Qilin (
qilin.seas.harvard.edu) is an open source project for providing JAVA SDK for prototyping of cryptographic protocols. We want to implement primitives or protocols as part of this project. Specific ideas can be: encryption schemes, hashes, signature schemes, verified mix-net, oblivious RAM, 2PC, etc.

Other general projects

1.     Write a BlueTooth scanner for 1-2 mobile phones, and , a server that shows all scanned mobiles on google maps (similar to http://trifinite.org/trifinite_stuff_btaudit.html) (1-2 students)

2.     Encrypted DiskOnKey (with drivers, GUI, hidden volume, etc). e.g., www.truecrypt.org. (2 students)

Your suggested project!




© Copyright 2008 Tel Aviv University All rights reserved.