2023–24 Projects:
Advisor: Jeff Ondich, W/S
If you keep an eye on tech news, you may occasionally see stories like this one by Kim Zetter from 2013: How a Crypto 'Backdoor' Pitted the Tech World Against the NSA. (Yes, I know you were in middle school when that article came out, but bear with me—it's a particularly good article to illustrate my point.) Read a story like this, and you'll hear about the tradeoffs between the needs of the intelligence community and the security needs of individual citizens, about spycraft, about gag orders, about academic freedom, and about the fight against terrorism. It's right out of a spy novel. (And if you like spy novels, check out Zetter's book Countdown to Zero Day, which would be a great spy novel if it were fiction.)
So, you can read this kind of tech journalism just for the excitement. But if you have a mathematical or engineering mindset, you might find yourself asking this question: how the heck do you take a very slight lack of randomness in a random number generator and turn it into an attack on online banking or the encrypted email of terrorists?
In your quest to answer that question, one good place to start is Bruce Schneier's classic textbook Applied Cryptography. But even this excellent introduction, with its applied focus, can leave you with a lot of questions about the practical details. How do you get from the mathematics to the attack? How do you get from the random number generator backdoor to reading somebody's ostensibly encrypted text messages?
The answers to those questions are scattered among hundreds of academic papers, YouTube videos, books, and websites. But for a beginner looking to understand not just the mathematical theory of cryptography but also the pragmatics of cryptographic offense and defense, it can be tough to know where to start.
That's where this project comes in. We're going to build a web-based cryptography playground where you can learn about and experiment with cryptographic primitives and protocols, attacks against them, and how those attacks can be exploited by hackers.
For this project, you will:
You're likely to be most successful and happy with this project if you enjoy math and have taken Linear Algebra (MATH 232) and Algorithms (CS 252).
Applied Cryptography: Protocols, Algorithms, and Source Code in C, 20th Edition, Bruce Schneier, Wiley, 2015
Cryptography Engineering: Design Principles and Practical Applications, Niels Ferguson, Bruce Schneier, and Tadayoshi Kohno, Wiley, 2011
(An example of how theoretical vulnerabilities get exploited in practice) Exploiting Hash Collisions, Ange Albertini, BlackAlps Cybersecurity Conference, 19 Nov 2017