AJ: Convergence Analysis of Machine Learning Methods using Dynamic System Theory

Tutor: Alex Jung

A large class of machine learning methods is obtained by applying iterative optimization methods. In order to characterize the computational properties of ML methods, it is important to understand the convergence speed of the optimization methods. The theory of dynamic systems has been applied recently to obtain tight bounds on the convergence rate for some popular optimization methods. This project aims at investigating the applicability of dynamic system theory to a particular class of optimization problems arising from semi-supervised learning in network-structured data.

References:

  • Analysis and Design of Optimization Algorithms via Integral Quadratic Constraints. Laurent Lessard, Benjamin Recht, and Andrew Packard. SIAM Journal on Optimization 2016 26:1, 57-95


AK: State of the Art of IoT Data Model Translation

Tutor: Ari Keränen

Interoperability is still one of the key challenges for the Internet of Things (IoT). While interoperability has improved tremendously over the past years, largely thanks to wider use of common IoT protocols, different (eco)systems still often use different data models. It seems that, at least for quite some time, we will have to cope with a very heterogeneous space of data models. One key approach to the challenge is to use automatic data model translation. Recently, many theoretical and practical approaches have been proposed and developed, using a variety of techniques from novel representation formats to AI-backed rule engines and shared ontologies.

What is the current state of the art for model translation? How effectively can we translate between commonly used IoT data models? Where are the remaining key challenges to achieve generic and automated data translation?

References: 

  • https://www.iab.org/activities/workshops/iotsi/
  • https://github.com/t2trg/2017-07-wishi


AM1: Mobile edge computing assisted Internet of Things
Tutor: Abbas Mehrabi

Mobile edge computing (MEC) moves content, processing and storage from the central cloud to the edges of the network, near the end consumers. Using storage and processing elements at the edge, within the radio access network (RAN), provides the high available bandwidth, low latency and high privacy that are essential requirements for delay-sensitive or computationally intensive IoT applications. MEC plays a significant role in IoT scenarios with heterogeneous user requirements arising in different application domains such as healthcare, video streaming, vehicular networking, smart grid energy and smart cities. Furthermore, MEC makes it possible to exploit user mobility and contextual information, and provides a platform for designing joint optimization solutions and intelligence at the edge; it therefore contributes significantly to improving users' quality of experience (QoE). This seminar aims to survey different IoT use cases where MEC is a suitable candidate for deployment, in particular its characteristics for enabling collaborative edge caching and processing, device-to-device (D2D) or vehicle-to-vehicle (V2V) communications, and sustainable IoT.

References:

  • N. Abbas, Y. Zhang, A. Taherkordi, and T. Skeie, “Mobile edge computing: a survey”, IEEE Internet Things J., vol. 5, no. 1, pp. 450-460, Feb. 2018.
  • Z. Zhou, J. Feng, L. Tan, Y. He, and J. Gong, “An air-ground integration approach for mobile edge computing in IoT”, IEEE Commun. Mag., vol. 56, no. 8, pp. 40-47, Aug. 2018.
  • X. Li, S. Liu, F. Wu, S. Kumari, and J. J.P.C Rodrigues, “Privacy preserving data aggregation schema for mobile edge computing assisted IoT applications”, IEEE Internet Things J., Accepted, DOI: 10.1109/JIOT.2018.2874473.
  • G. Premsankar, M. D. Francesco, and T. Taleb, “Edge computing for the Internet of Things: A case study”, IEEE Internet Things J., vol. 5, no. 2, pp. 1275-1284, Apr. 2018.
  • N. Kumar, S. Zeadally, and J. J.P.C Rodrigues, “Vehicular delay-tolerant networks for smart grid data management using mobile edge computing”, IEEE Commun. Mag., vol. 54, no. 10, pp. 60-66, Oct. 2016.


AM2: Mobile crowdsensing in Internet of Things
Tutor: Abbas Mehrabi

Efficient data collection from a huge number of heterogeneous, low-power IoT devices, such as small sensors scattered within a large deployment area, is a challenging task. The limited energy of such nodes and the long physical distances between them further complicate the data collection process. Transmitting data directly to the IoT gateways and then forwarding it to the central cloud server increases the communication and computation complexity and degrades energy efficiency. Advances in information and communication technology (ICT) have introduced innovative approaches that facilitate low-complexity and energy-efficient data crowdsensing for large-scale IoT applications. The system faces several challenges, such as the time-varying characteristics of sensor data, energy efficiency, the time-sensitivity of IoT applications and crowdsourcer mobility. Incentive-based mechanisms have been proposed as emerging solutions for encouraging IoT devices and cloud infrastructures to participate in the crowdsensing system. The seminar aims to summarize recent research efforts in designing mobile crowdsensing solutions and to highlight some potential directions for future research from the system optimization point of view.

References:

  • C. Jiang, L. Gao, L. Duan, and J. Huang, “Scalable mobile crowdsensing via peer-to-peer data sharing”, IEEE Trans. Mobile Comput., vol. 17, no. 4, pp. 898-912, Apr. 2018.
  • M. Tomasoni, A. Capponi, C. Fiandrino, D. Kliazovich, F. Granelli, and P. Bouvry, “Profiling Energy Efficiency of Mobile Crowdsensing Data Collection Frameworks for Smart City Applications”, in Proc. 6th IEEE Int. Conf. Mobile Cloud Comput. Services and Engineering, pp. 1-8, Mar. 2018.
  • M. H. Cheung, F. Hou, and J. Huang, “Delay-Sensitive Mobile Crowdsourcing: Algorithm Design and Economics”, IEEE Trans. Mobile Comput. vol. 17, no. 12, pp. 2761-2774, Dec. 2018. 
  • Y. Yang, W. Liu, E. Wang, and J. Wu, “A Prediction-based User Selection Framework for Heterogeneous Mobile Crowdsensing”, IEEE Trans. Mobile Comput., Accepted, DOI: 10.1109/TMC.2018.2879098.
  • L. Li, K. Ota, and M. Dong, “Human in the Loop: Distributed Deep Model for Mobile Crowdsensing”, IEEE Internet Things J., Accepted, DOI: 10.1109/JIOT.2018.2883318.
  • W. Gong, B. Zhang, and C. Li, “Task Assignment in Mobile Crowdsensing: Present and Future Directions”, IEEE Netw., vol. 32, no. 4, pp. 100-107, Mar. 2018.
  • A. Capponi, C. Fiandrino, D. Kliazovich, P. Bouvry, and S. Giordano, “A Cost-Effective Distributed Framework for Data Collection in Cloud-Based Mobile Crowd Sensing Architectures”, IEEE Trans. Sustainable Computing, vol. 2, no. 1, pp. 3-16, Jan.-Mar. 2017.  


AP1: Formal Verification of Cryptographic Protocols with Tamarin Prover

Tutor: Aleksi Peltonen

Formal verification is a group of techniques based on applied mathematics. These methods can be divided into two categories: deductive verification and model-based verification. Deductive verification includes inferring the correctness of a system specification with axioms and proof rules. Model-based verification, on the other hand, involves creating a state model of the system and performing exhaustive exploration of all possible states. When an error state is reached, the model checker typically provides a trace leading from the initial state to the error state. Formal verification methods are often used to prove the reliability of commonly used protocols, such as TLS 1.3, and they have been used by companies such as Amazon and Facebook to eliminate bugs in large-scale services.

In this topic the student will learn about verification of cryptographic protocols with the Tamarin Prover and demonstrate the tool with an example analysis of a protocol that is agreed upon with the supervisor.

References:

  • http://tamarin-prover.github.io/
  • https://tamarin-prover.github.io/manual/book/001_introduction.html
  • https://github.com/tamarin-prover/teaching

AP2: Formal Verification of Cryptographic Protocols with ProVerif

Tutor: Aleksi Peltonen

Formal verification is a group of techniques based on applied mathematics. These methods can be divided into two categories: deductive verification and model-based verification. Deductive verification includes inferring the correctness of a system specification with axioms and proof rules. Model-based verification, on the other hand, involves creating a state model of the system and performing exhaustive exploration of all possible states. When an error state is reached, the model checker typically provides a trace leading from the initial state to the error state. Formal verification methods are often used to prove the reliability of commonly used protocols, such as TLS 1.3, and they have been used by companies such as Amazon and Facebook to eliminate bugs in large-scale services.

In this topic the student will learn about verification of cryptographic protocols with ProVerif and demonstrate the tool with an example analysis of a protocol that is agreed upon with the supervisor.

References:

  • http://prosecco.gforge.inria.fr/personal/bblanche/proverif/
  • http://prosecco.gforge.inria.fr/personal/bblanche/proverif/manual.pdf


AP3: Formal Verification of EAP with mCRL2

Tutor: Aleksi Peltonen

Formal verification is a group of techniques based on applied mathematics. These methods can be divided into two categories: deductive verification and model-based verification. Deductive verification includes inferring the correctness of a system specification with axioms and proof rules. Model-based verification, on the other hand, involves creating a state model of the system and performing exhaustive exploration of all possible states. When an error state is reached, the model checker typically provides a trace leading from the initial state to the error state. Formal verification methods are often used to prove the reliability of commonly used protocols, such as TLS 1.3, and they have been used by companies such as Amazon and Facebook to eliminate bugs in large-scale services.

In this topic the student will learn about protocol modelling with the micro Common Representation Language 2 (mCRL2) and use it to analyse the Extensible Authentication Protocol (EAP).

References:

  • https://tools.ietf.org/html/rfc3748
  • https://www.mcrl2.org/web/user_manual/index.html


AT: Survey: IPv6 Honeypots for IoT

Tutor: Amit Tambe

Honeypots are a well established mechanism to understand the behaviour of attackers. A honeypot is an exposed infrastructure typically used to attract potential attackers with the goal of learning from attackers and gaining knowledge about the threat landscape [1]. Interactions of attackers with the honeypot system are recorded and closely analysed. Such analysis allows understanding attack vectors and consequently designing mitigation techniques.

In [2] and [3], the authors have proposed extending the idea of honeypots to IoT devices. Exposing IoT devices using honeypots is a distinct strategy for understanding the attack vectors specific to IoT devices. While the authors of [2] build a high-interaction honeypot using commercial off-the-shelf IoT devices, the authors of [3] approach the problem by emulating IoT devices. Both approaches, however, rely on IPv4-based IoT devices. Considering the large number of IoT devices already out in the field and the many more devices to be used in the near future, studies are being conducted [4] to analyse the adoption of IPv6 with IoT.

The goal of this survey project is to identify existing and proposed state-of-the-art IPv6 honeypot implementations. Implementing an IPv6 honeypot means overcoming the major challenge of attracting attackers to the honeypot (given the large IP range that attackers are required to scan). We would like to identify how an IPv6 honeypot implementation would attract attackers and yet be credible (IPv6 address space is infrequently used, to be believable). Finally, we would like to study whether such a honeypot setup can be applied to IoT devices as well.

References: 

  • [1] Provos, N., 2004, August. A Virtual Honeypot Framework. In USENIX Security Symposium (Vol. 173, pp. 1-14).
  • [2] Guarnizo, J.D., Tambe, A., Bhunia, S.S., Ochoa, M., Tippenhauer, N.O., Shabtai, A. and Elovici, Y., 2017, April. Siphon: Towards scalable high-interaction physical honeypots. In Proceedings of the 3rd ACM Workshop on Cyber-Physical System Security (pp. 57-68). ACM.
  • [3] Pa, Y.M.P., Suzuki, S., Yoshioka, K., Matsumoto, T., Kasama, T. and Rossow, C., 2015. IoTPOT: analysing the rise of IoT compromises. EMU, 9, p.1.
  • [4] Ziegler, S., Crettaz, C., Ladid, L., Krco, S., Pokric, B., Skarmeta, A.F., Jara, A., Kastner, W. and Jung, M., 2013, May. IoT6 – moving to an IPv6-based future IoT. In The Future Internet Assembly (pp. 161-172). Springer, Berlin, Heidelberg.


BGA1: Security of Deep Reinforcement Learning Applications
Tutor: Buse Gul Atli

Adversarial attacks on deep learning based object detectors, which can force the model to misclassify images, have been extensively studied in the field of computer vision. Recently, it was discovered that adversarial attacks can also be effective at targeting neural network policies, which are used in deep reinforcement learning (RL) [?]. RL agents in AI systems are supposed to choose actions that are critical to the overall objective over time by looking at the current state of the environment (e.g., driving home safely, manufacturing or delivering devices, etc.).

Therefore, it is important to understand the susceptibility to adversarial examples, which might fool the RL agent into choosing a completely different action for an undesired objective.

The student is expected to survey recent approaches to finding adversarial samples for reinforcement learning agents and present their strengths and limitations. The student will also investigate possible defenses against adversarial attacks on reinforcement learning agents. The overview can also include experimental work replicating publicly available GitHub code, or just a simple implementation of a Deep Q-Network (DQN) for deeper analysis (and for fun), but this is not necessary.

Prerequisites: Basic knowledge of deep learning and reinforcement learning (or an interest in the subject and willingness to spend a fair amount of time learning).

References:

  • Adversarial examples in general machine learning: https://blog.openai.com/adversarial-example-research/
  • Notes for the course opened in the last term: CS-E4070 - Special Course in Machine Learning and Data Science: Adversarial Deep Learning: https://mycourses.aalto.fi/course/view.php?id=22870
  • A comprehensive GitHub guide for sources: https://github.com/yenchenlin/awesome-adversarial-machine-learning
  • More for reinforcement learning (chapters 3,4): https://web.stanford.edu/class/psych209/Readings/SuttonBartoIPRLBook2ndEd.pdf
  • RL Course by David Silver: https://youtu.be/2pWv7GOvuf0
  • Deep Q Network tutorial: https://medium.com/@jonathan_hui/rl-dqn-deep-q-network-e207751f7ae4

BGA2: A Survey on Intrusion Detection Datasets

Tutor: Buse Gul Atli

Evaluating intrusion detection systems (IDS) is a difficult task, since comparing different approaches requires the use of a standard dataset. While many state-of-the-art datasets (e.g., KDDCup 1999) are publicly available for evaluating the performance of IDS approaches or devices, these datasets no longer represent a realistic architecture or novel attack protocols, and they contain incomplete, inconsistent or unlabelled traces. Moreover, many datasets used as a performance metric cannot be shared due to privacy issues, which prevents a fair evaluation of the proposed IDS. The student involved in this topic is expected to survey recently published and publicly available datasets, investigate their characteristics and evaluate their strengths and weaknesses. The student will also investigate what qualities a proper IDS dataset should have in order to provide an effective performance metric.

References:

  • Example datasets: https://www.unb.ca/cic/datasets/ids-2017.html
  • A general survey on IDS: “Network anomaly detection: methods, systems and tools.” IEEE Communications Surveys & Tutorials 16.1 (2014): 303-336.
  • Another survey: Hindy, Hanan, et al. “A Taxonomy and Survey of Intrusion Detection System Design Techniques, Network Threats and Datasets.” arXiv preprint arXiv:1806.03517 (2018).


BJ1: Video Caching, Computing and Delivery in Wireless Mobile Edge Networks
Tutor: Behrouz Jedari

Global mobile traffic is expected to grow about eight times by 2023, with video data accounting for 73% of the traffic [1]. With the advent of 5G networks, proactive caching of popular videos at the network edge (i.e., base stations) is considered a cost-efficient solution for increasing network capacity while reducing congestion in the network backhaul. The main objective of video edge caching mechanisms is to bring content as close as possible to end-users, thus improving their quality of experience [2]. However, several important challenges, such as cooperative video caching and delivery as well as resource allocation and pricing, are still left unexplored [3]. The main goal of this project is to extend video caching protocols currently developed in our research group and evaluate their performance.

References:

  • [1] Ericsson, “Ericsson mobility report,” June 2018, [Online]. Available: https://www.ericsson.com/en/mobility-report/reports/june-2018.
  • [2] L. Li, G. Zhao, and R. S. Blum, “A survey of caching techniques in cellular networks: Research issues and challenges in content placement and delivery strategies,” IEEE Communications Surveys Tutorials, vol. 20, no. 3, pp. 1710-1732, 2018.
  • [3] Ke Zhang, Supeng Leng, Yejun He, Sabita Maharjan, and Yan Zhang, “Cooperative Content Caching in 5G Networks with Mobile Edge Computing,” IEEE Wireless Communications, vol. 25, no. 3, pp. 80-87, 2018.

BJ2: Intelligent Edge Computing and Caching Techniques in Future Wireless Networks 
Tutor: Behrouz Jedari

With the exponential growth of mobile data traffic, edge computing and caching techniques have emerged to bring networking services as close as possible to end-users, thus improving resource utilization and user quality of experience in wireless environments. Recently, machine learning techniques have been introduced to mobile edge computing and caching as promising solutions in which big data analytics are explored to further improve network efficiency and alleviate the high demand for radio resources in wireless edge networks.

The student interested in this topic will study learning-based edge computing and caching solutions in future 5G networks based on existing works in the literature. 

References:

  • 1- Z. Chang, L. Lei, Z. Zhou, S. Mao, and T. Ristaniemi, “Learn to cache: Machine learning for network edge caching in the big data era,” IEEE Wireless Communications, vol. 25, no. 3, pp. 28–35, 2018
  • 2- H. Li, K. Ota, and M. Dong, “Learning IoT in Edge: Deep Learning for the Internet of Things with Edge Computing,” IEEE Network, vol. 32, no. 1, pp. 96-101, 2018.


CB: On the conceptual weirdness of indistinguishability obfuscation

Tutor: Chris Brzuska

See slide set provided in the reference section below. The goal is to choose a subset of conceptually interesting results on indistinguishability obfuscation and explain them in an accessible manner.

References: 

  • http://www.chrisbrzuska.de/2019-indistinguishability-obfuscation-seminar.ppt
  • ...and the same as PDF, if preferred: http://www.chrisbrzuska.de/2019-indistinguishability-obfuscation-seminar.pdf


CZ1: V2X for Autonomous Vehicles

Tutor: Chao Zhu

Autonomous vehicles will be one of the most important revolutions of the future. Under computer control, an autonomous vehicle can greatly free up labor and reduce the probability of car accidents caused by human error. However, self-driving vehicles’ perception systems, such as LIDAR and cameras, mainly depend on light reflection and sometimes may not detect obstacles, for example when the vehicle's view is blocked or when it is moving toward strong sunlight. In the scope of this topic, the student is supposed to think about how to use vehicular networks or Vehicle-to-Everything (V2X) connections to assist self-driving vehicles when they are temporarily “blind”.

References: 

  • https://www.electronicdesign.com/automotive/v2x-here-stay-now-let-s-use-it-autonomous-cars



CZ2: Crowdsourcing in Vehicular Network

Tutor: Chao Zhu

Vehicular crowdsourcing is an emerging paradigm where vehicles use onboard sensors to collect and share data with the aim of measuring phenomena of common interest. Many applications, such as parking navigation, road surface monitoring, and traffic collision reconstruction, could benefit from the information crowdsourced from individual vehicles in a local region. In the scope of this topic, the student is supposed to survey existing problems, such as privacy, efficiency, and security, in vehicular crowdsourcing.

References: 

  • http://faratarjome.ir/u/media/shopping_files/store-EN-1484482553-7634.pdf


GI1: Machine learning based rate adaption in adaptive HTTP video streaming

Tutor: Gazi Illahi

Adaptive HTTP video streaming solutions, for example Apple's HLS and those based on the HTTP-DASH protocol, are the primary conduits of Video on Demand delivery today. These solutions typically consist of a "dumb" HTTP server and an intelligent client player. The client player decides which quality of video to request from the server based on some rate adaptation logic, which may consider, for example, buffer occupancy or estimated network capacity. Recently, many works have considered machine learning approaches to rate adaptation. This seminar paper will consider the various state-of-the-art machine learning rate adaptation approaches and compare them, particularly in the context of Quality of Experience.

References: 

  • Chien, Yu-Lin, Kate Ching-Ju Lin, and Ming-Syan Chen. “Machine learning based rate adaptation with elastic feature selection for HTTP-based streaming.” In Multimedia and Expo (ICME), 2015 IEEE International Conference on, pp. 1-6. IEEE, 2015.
  • M. Claeys, S. Latre, J. Famaey and F. De Turck, “Design and Evaluation of a Self-Learning HTTP Adaptive Video Streaming Client,” in IEEE Communications Letters, vol. 18, no. 4, pp. 716-719, April 2014. doi: 10.1109/LCOMM.2014.020414.132649
  • Claeys, Maxim, Steven Latré, Jeroen Famaey, Tingyao Wu, Werner Van Leekwijck, and Filip De Turck. “Design of a Q-learning-based client quality selection algorithm for HTTP adaptive video streaming.” In Proceedings of the 2013 Workshop on Adaptive and Learning Agents (ALA), Saint Paul (Minn.), USA, pp. 30-37. 2013.


GI2: Machine Learning for video encoding

Tutor: Gazi Illahi

Video encoding aims to reduce the size of raw video which is captured from video cameras or synthetically generated. In practice, this is achieved by removing (possibly redundant) information as much as possible in a manner such that reconstruction of the video at the decoding stage is minimally affected.

Machine learning algorithms have the potential to replace and improve upon at least some of the algorithms involved in the video encoding/decoding pipeline. This could lead to better quality-to-compression ratios as well as potentially faster encoders.

The student's task would be to survey the state of the art in ML applications in video encoding.

References: 

  • Cramer, Christopher, Erol Gelenbe, and H. Bakircioglu. “Low bit-rate video compression with neural networks and temporal subsampling.” Proceedings of the IEEE 84, no. 10 (1996): 1529-1543.
  • https://ai.googleblog.com/2016/09/image-compression-with-neural-networks.html
  • Hussain, Farhan, and Jechang Jeong. “Exploiting deep neural networks for digital image compression.” In Web Applications and Networking (WSWAN), 2015 2nd World Symposium on, pp. 1-6. IEEE, 2015.
  • Toderici, George, Damien Vincent, Nick Johnston, Sung Jin Hwang, David Minnen, Joel Shor, and Michele Covell. “Full Resolution Image Compression with Recurrent Neural Networks.” In CVPR, pp. 5435-5443. 2017.
  • Rippel, Oren, and Lubomir Bourdev. “Real-time adaptive image compression.” arXiv preprint arXiv:1705.05823 (2017).


GP: Distributed data analytics at the edge

Tutor: Gopika Premsankar

The volume of data sent from IoT devices is increasing tremendously, especially in the context of smart cities. Edge computing allows data to be processed with very low latency by bringing computation resources closer to the end user. Furthermore, data need not be sent to the cloud for further processing, thereby reducing the stress on the backhaul network. Thus, edge computing is a promising solution for analyzing and acting on the large volume of data being streamed from different sensors. The aim of the seminar paper is to review the state of the art in this area and review existing edge architectures and software solutions for running real-time data analysis on IoT sensor data.

References: 

  • Yousefpour, Ashkan, et al. “All One Needs to Know about Fog Computing and Related Edge Computing Paradigms: A Complete Survey.” arXiv preprint arXiv:1808.05283 (2018).
  • de Assuncao, Marcos Dias, Alexandre da Silva Veith, and Rajkumar Buyya. “Distributed data stream processing and edge computing: A survey on resource elasticity and future directions.” Journal of Network and Computer Applications 103 (2018): 1-17.


HLT1: Digital Twin for Industrial Edge 4.0: Concepts and Tools

Tutor: Hong-Linh Truong

Digital twin is a new concept of using digital replicas/representations for managing physical assets, components, processes, machines, etc. In this topic, we should study digital twin and its application to industrial machines: how digital twin can be used to model industrial machines at the edge. The study can focus on a subset of the following important questions:

- What does digital twin mean for industrial machines?

- How can we use concepts of digital twin for managing industrial machines at the edge?

- Which tools and frameworks can be used for developing digital twin for industrial machines?

- What are the roles of IoT, containers and service models/APIs for implementing digital twin solutions?

- How can we connect digital twin for industrial machines to the cloud services?

References: 

  • https://www.ibm.com/blogs/internet-of-things/iot-cheat-sheet-digital-twin/
  • Somayeh Malakuti and Sten Grüner. 2018. Architectural aspects of digital twins in IIoT systems. In Proceedings of the 12th European Conference on Software Architecture: Companion Proceedings (ECSA '18). ACM, New York, NY, USA, Article 12, 2 pages. DOI: https://doi.org/10.1145/3241403.3241417 
  • Mareike Kritzler, Markus Funk, Florian Michahelles, and Wolfgang Rohde. 2017. The virtual twin: controlling smart factories using a spatially-correct augmented reality representation. In Proceedings of the Seventh International Conference on the Internet of Things (IoT '17). ACM, New York, NY, USA, Article 38, 2 pages. DOI: https://doi.org/10.1145/3131542.3140274 https://dl.acm.org/citation.cfm?id=3162383
  • Arquimedes Canedo. 2016. Industrial IoT lifecycle via digital twins. In Proceedings of the Eleventh IEEE/ACM/IFIP International Conference on Hardware/Software Codesign and System Synthesis (CODES '16). ACM, New York, NY, USA, Article 29, 1 pages. DOI: https://doi.org/10.1145/2968456.2974007
  • Diethelm Bienhaus. 2017. Patterns for the Industrial Internet / Industrie 4.0. In Proceedings of the 22nd European Conference on Pattern Languages of Programs (EuroPLoP '17). ACM, New York, NY, USA, Article 17, 11 pages. DOI:  https://doi.org/10.1145/3147704.3147723
  • https://ercim-news.ercim.eu/en115/special

HLT2: Robotic Process Automation and Enterprise Cloud Software Services

Tutor: Hong-Linh Truong

Considered an important aspect of digital transformation, Robotic Process Automation (RPA) has been increasingly used to support automation of front-end work. How has/will RPA been/be realized in enterprise service environments where most functionalities are offered through cloud services? How should RPA be developed, tested and integrated with back-end services (e.g., data services and AI) and business processes and analytics (e.g., based on BPM and workflows) for the back office? What are common use cases/scenarios for the integration of RPA, enterprise services and business process management?

This study should investigate the above-mentioned questions from software engineering and software service analytics viewpoint. 

References: 

  • https://www.uipath.com/
  • M. Ratia, J. Myllärniemi, and N. Helander. 2018. Robotic Process Automation - Creating Value by Digitalizing Work in the Private Healthcare?. In Proceedings of the 22nd International Academic Mindtrek Conference (Mindtrek '18). ACM, New York, NY, USA, 222-227. DOI: https://doi.org/10.1145/3275116.3275129 
  • https://www.ibm.com/automation/software/rpa
  • http://www.xchanging.com/system/files/dedicated-downloads/robotic-process-automation.pdf
  • https://www.blueprism.com
  • https://www.nice.com/websites/rpa/assets/robotic_process_automation_for_dummies.pdf

JN1: Quantum computing for solving optimization problems – practical perspective

Tutor: Jukka Nurminen

Quantum computing is considered a promising direction for the efficient solution of combinatorial optimization problems, which are common e.g. in machine learning and operations research. The aim is to look at the issue from a practical perspective: what can be done today (e.g. with D-WAVE, IBM-Q), how to formulate the problems for quantum computing, what the main bottlenecks are, and what the most promising future directions are. The work could perhaps focus on a single algorithm such as travelling salesman and may include experimentation with quantum computer simulators.

References:

  • Rieffel, E. G., Venturelli, D., O’Gorman, B., Do, M. B., Prystay, E. M., & Smelyanskiy, V. N. (2015). A case study in programming a quantum annealer for hard operational planning problems. Quantum Information Processing, 14(1), 1-36.
  • Venturelli, D., Marchand, D. J., & Rojo, G. (2015). Quantum annealing implementation of job-shop scheduling. arXiv preprint arXiv:1506.08479.
  • Montanaro, A. (2016). Quantum algorithms: an overview. Npj Quantum Information, 2, 15023. Retrieved from http://dx.doi.org/10.1038/npjqi.2015.23
  • Warren, R. H. (2013). Numeric experiments on the commercial quantum computer. Notices of the AMS, 60(11), 1434-1438.
  • Humble, T. S., McCaskey, A. J., Bennink, R. S., Billings, J. J., DʼAzevedo, E. F., Sullivan, B. D., ... & Seddiqi, H. (2014). An integrated programming and development environment for adiabatic quantum optimization. Computational Science & Discovery, 7(1), 015006.

JN2: Coverage testing of neural networks

Tutor: Jukka Nurminen

As machine learning moves from laboratories to real use, it becomes increasingly important to manage how to deploy, test, and maintain AI solutions. The aim of this work is to study how we can measure which parts of the neural network are activated and look for ideas how to use this information for improved testing and maintenance. The work can build on the DeepXplore system and its open source codebase. In addition to literature survey this work involves experimentation with the use of DeepXplore.

References:

  • Pei, K., Cao, Y., Yang, J., & Jana, S. (2017, October). Deepxplore: Automated whitebox testing of deep learning systems. In Proceedings of the 26th Symposium on Operating Systems Principles (pp. 1-18). ACM.


JW: Android App Collusion

Tutor: Jorden Whitefield

Android supports various communication methods between apps, and colluding apps are an emerging threat to Android-based devices. An app collusion is where two or more apps collude in some manner to perform a malicious action that an app cannot perform independently. State-of-the-art malware detection systems analyze apps in isolation, and therefore fail to detect joint malicious actions between two or more colluding apps.

The goal of this seminar topic is to:

1. Survey current Android malware detection literature, techniques, and tools.

2. Survey current Android app collusion literature.

Prerequisites:

Basic knowledge of Android app development and permissions model

References:

  • https://www.mcafee.com/enterprise/en-us/assets/solution-briefs/sb-quarterly-threats-may-2016-1.pdf
  • Wild Android Collusions, https://www.youtube.com/watch?v=8o5c1pH4vzA
  • Abro F.I., Rajarajan M., Chen T.M., Rahulamathavan Y. (2017) Android Application Collusion Demystified. In: Future Network Systems and Security. FNSS 2017. Communications in Computer and Information Science vol 759. Springer, https://doi.org/10.1007/978-3-319-65548-2_14
  • https://source.android.com/security/reports/Google_Android_Security_PHA_classifications.pdf


JX1: Lightweight modern convolutional object detectors

Tutor: Jiayue Xu

Object detection is an important task in the computer vision domain. Typically, a deep neural network based object detector requires a great deal of memory and computing power. However, one-stage object detectors such as SSD, YOLO, and RetinaNet are lightweight models that are well suited to speed-sensitive and computation resource-limited situations. These models also have many variants or different versions. This seminar paper is a comparison of these lightweight object detectors.

References: 

  • T. Lin, P. Goyal, R. Girshick, K. He, and P. Dollár, “Focal Loss for Dense Object Detection,” in 2017 IEEE International Conference on Computer Vision (ICCV), 2017, pp. 2999–3007.
  • J. Huang et al., “Speed/accuracy trade-offs for modern convolutional object detectors,” arXiv:1611.10012 [cs], Nov. 2016.
  • W. Liu et al., “Ssd: Single shot multibox detector,” in European conference on computer vision, 2016, pp. 21–37.
  • J. Redmon and A. Farhadi, “YOLO9000: Better, Faster, Stronger,” in Computer Vision and Pattern Recognition (CVPR), 2017 IEEE Conference on, 2017, pp. 6517–6525.
  • J. R. A. Farhadi, “YOLOv3: An Incremental Improvement,” p. 5.
  • J. Redmon, S. Divvala, R. Girshick, and A. Farhadi, “You only look once: Unified, real-time object detection,” in 2016 IEEE Conference on Computer Vision and Pattern Recognition (CVPR), 2016, pp. 779–788.

JX2: Comparison of modern deep convolutional neural networks
Tutor: Jiayue Xu

Modern deep convolutional neural networks include many different models, such as MobileNets, VGGNet, ResNet, and InceptionResNet. It will be difficult for a practitioner to choose a suitable model for their application. In this seminar paper, the student will compare the architectures of the different models and their performance (speed/memory/accuracy).

References: 

  • A. G. Howard et al., “MobileNets: Efficient Convolutional Neural Networks for Mobile Vision Applications,” arXiv:1704.04861 [cs], Apr. 2017.
  • K. He, X. Zhang, S. Ren, and J. Sun, “Deep Residual Learning for Image Recognition,” in 2016 IEEE Conference on Computer Vision and Pattern Recognition (CVPR), 2016, pp. 770–778.
  • C. Szegedy et al., “Going deeper with convolutions,” in Proceedings of the IEEE conference on computer vision and pattern recognition, 2015, pp. 1–9.
  • K. Simonyan and A. Zisserman, “Very Deep Convolutional Networks for Large-Scale Image Recognition,” arXiv:1409.1556 [cs], Sep. 2014.


LG: Designing application programming interfaces for security
Tutor: Lachlan Gunn

Much has been made of designing user interfaces to encourage secure behaviour: web browsers make warnings difficult to click through, operating systems require a password in order to install software, and websites use two-factor authentication in order to prevent users from simply giving away their credentials.

But equally important is API design: a badly-designed API encourages developers to make insecure design choices that undermine the security of the application. Your task will be to review the literature on API design, secure coding, language design, or anywhere else in order to help understand how to design a secure API, and to determine which features are important when choosing a language for a security-sensitive project.

References:

  • "Comparing the Usability of Cryptographic APIs", https://doi.org/10.1109/SP.2017.52
  • "An empirical study of cryptographic misuse in android applications", https://doi.org/10.1145/2508859.2516693
  • "Stack Overflow Considered Harmful? The Impact of Copy&Paste on Android Application Security", https://doi.org/10.1109/SP.2017.31
  • "Cryptography Coding Standard", https://cryptocoding.net/index.php/Cryptography_Coding_Standard


MDF1: Function orchestration in serverless computing

Tutor: Mario Di Francesco

Serverless computing is a novel paradigm where the infrastructure provider receives, processes, and responds to requests of clients by automatically taking care of the underlying processes (e.g., resource allocation, scheduling and monitoring). The main abstraction behind serverless is represented by stateless functions deployed as event handlers, usually through software containers. Even though the functions themselves are stateless, serverless solutions offered by the public cloud or available as open-source software allow the composition of functions to realize complex workflows. The student involved in this topic is expected to: introduce the serverless paradigm and describe functions in that context; describe how functions can be combined in representative use cases; analyze serverless solutions that support function orchestration. 

References:

  • E. van Eyk, L. Toader, S. Talluri, L. Versluis, A. Uta, and A. Iosup, "Serverless is More: From PaaS to Present Cloud Computing", Internet Computing, p. 9.
  • I. Baldini et al., "Serverless Computing: Current Trends and Open Problems", in Research Advances in Cloud Computing, S. Chaudhary, G. Somani, and R. Buyya, Eds. Singapore: Springer Singapore, 2017, pp. 1–20.
  • AWS Step Functions: https://aws.amazon.com/step-functions/
  • Openwhisk sequences: https://console.bluemix.net/docs/openwhisk/openwhisk_actions.html#openwhisk_actions
  • Azure Function connector: https://docs.microsoft.com/en-us/azure/logic-apps/logic-apps-what-are-logic-apps


MDF2: Barcodes for mobile computing applications

Tutor: Mario Di Francesco

Several types of barcodes have been proposed in the past, ranging from QR codes to color barcodes. The student involved in this topic is expected to: review existing barcode schemes with particular reference to those targeting mobile devices; select a few use cases in the context of mobile computing that leverage barcodes for specific application scenarios.

References:

  • G. J. Garateguy, G. R. Arce, and D. L. Lau, "QR Images: Optimized Image Embedding in QR Codes", IEEE Trans. Image Processing 23(7):2842–2853, 2014 Link: http://www.academia.edu/download/35417650/NE-42.QR_Images_Optimized_Image.pdf
  • Haupert V. and Müller T. (2018). On App-based Matrix Code Authentication in Online Banking. In Proceedings of the 4th International Conference on Information Systems Security and Privacy - Volume 1: ICISSP, ISBN 978-989-758-282-0, pages 149-160. DOI: 10.5220/0006650501490160


MJ: Fraudulent user identification methods on social media

Tutor: Mika Juuti

Although misinformation has always been a part of human societies, the proliferation of social media with pseudonymous user accounts has exacerbated the issue. Misinformation may be fraudulent product/restaurant reviews [1,2], rumors or fake news amongst others [3]. One way of dealing with the situation is to identify which users are fraudulent. 

Survey what kinds of methods exist for identifying misbehaving users (from a service provider's perspective), e.g. [4,5]. What kinds of features are indicative of fraudulent behavior? Focus on surveying several articles to get an understanding of what works and what does not.

References:

  • Yao, Yuanshun, et al. "Automated crowdturfing attacks and defenses in online review systems." Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security. ACM, 2017.
  • Juuti M., et al. "Stay On-Topic: Generating Context-Specific Fake Restaurant Reviews." ESORICS 2018.
  • Kumar, Srijan, and Neil Shah. "False information on web and social media: A survey." arXiv preprint arXiv:1804.08559 (2018).
  • Kumar, Srijan, et al. "An army of me: Sockpuppets in online discussion communities." Proceedings of the 26th International Conference on World Wide Web. International World Wide Web Conferences Steering Committee, 2017.
  • Kumar, Srijan, et al. "Rev2: Fraudulent user prediction in rating platforms." Proceedings of the Eleventh ACM International Conference on Web Search and Data Mining. ACM, 2018.


MMF1: Designing solutions for pervasive displays: A survey

Tutor: Maria Montoya-Freire

Pervasive displays are widely employed for showing information to the user in both public and private areas, including train stations, airports, and workplaces. Several solutions can be created using displays, for instance applications that enable interaction with the user or that use mobile phones to control a display remotely. Nevertheless, the design of these solutions requires considering aspects such as content visualization, content scheduling and user engagement. The student involved in this topic is expected to review the state of the art on pervasive displays and provide a summary of the design of pervasive display solutions and the application scenarios for these solutions.


MMF2: Data exchange between smartphones using visible light

Tutor: Maria Montoya-Freire

Smartphones are constantly used in our daily activities for communication purposes. This is possible because of wireless technologies such as LTE, Wi-Fi and Bluetooth. However, we could still leverage other components of the smartphone to transfer data such as the camera and the screen. A very interesting scenario is to transmit and receive data purely based on the information shown on the screen and captured by its camera, for instance, through time-varying QR codes. This particular type of transmission is called visible light communication. Even though such a form of communication has a potential for several applications including secure data exchange, the achievable throughput can be very low unless efficient encoding schemes are employed. There are certain factors which impact communication performance when capturing data, for instance, ambient light, camera lens and perspective distortion. The goal of this topic is to review the state of the art on visible light solutions, provide a summary about the different techniques to improve the throughput and provide a comparative analysis among these techniques. This topic can be extended to be a master thesis.


MMF3: User engagement with public displays

Tutor: Maria Montoya-Freire

The use of public displays is a common approach to showing informative content; however, people tend to ignore displays as they are not attracted to them. To overcome this issue, different methods can be employed, for instance the use of mobile devices to enable interaction with the displays or the use of proxemics to adapt content based on the distance.

The goal of this work is to review the different methods to improve user engagement with displays and discuss the advantages/disadvantages of such methods.

References:

  • Müller, J., Wilmsmann, D., Exeler, J., Buzeck, M., Schmidt, A., Jay, T., & Krüger, A. (2009, May). Display blindness: The effect of expectations on attention towards digital signage. In International Conference on Pervasive Computing (pp. 1-8). Springer, Berlin, Heidelberg.
  • Memarovic, N., Clinch, S., & Alt, F. (2015, June). Understanding display blindness in future display deployments. In Proceedings of the 4th International Symposium on Pervasive Displays (pp. 7-14). ACM.
  • Wang, M., Boring, S., & Greenberg, S. (2012, June). Proxemic peddler: a public advertising display that captures and preserves the attention of a passerby. In Proceedings of the 2012 international symposium on pervasive displays (p. 3). ACM.


MS1: Beyond the Google's BeyondCorp
Tutor: Mohit Sethi

Ensuring security in modern enterprise networks is challenging. An enterprise network has several different types of devices (laptops, phones, desktops, PDAs), operating systems (iOS, Android, Windows, Linux), applications (webmail, thunderbird, dropbox, skype for business), and protocols (IMAP, POP3, Exchange, HTTP, CoAP). This heterogeneity, together with a large number of users, makes the job of enterprise network administrators quite burdensome. The complexity of enterprise networks also leads to breaches that are often undetected for long periods of time.

Google describes its new approach to enterprise network security, called BeyondCorp, in a series of papers [1-6]. With this new approach, Google no longer performs access control at the network perimeter. Instead, the access control is now applied to individual devices and users. This allows Google employees to work more securely from remote locations without requiring a traditional VPN. 

In this seminar topic, the student is expected to summarize all the technical features of BeyondCorp. The student would then provide helpful guidelines for network administrators to decide whether migration to BeyondCorp would be suitable for their organization. The student may also document the steps necessary for setting up a google access proxy and provide recommendations/best practices based on her/his experience.

References:

  • BeyondCorp: A new approach to enterprise security: https://ai.google/research/pubs/pub43231.pdf
  • BeyondCorp: Design to Deployment at Google: https://ai.google/research/pubs/pub44860.pdf
  • Beyond Corp: The Access Proxy: https://ai.google/research/pubs/pub45728.pdf
  • Migrating to BeyondCorp: Maintaining Productivity While Improving Security: https://ai.google/research/pubs/pub46134.pdf
  • BeyondCorp: The User Experience: https://ai.google/research/pubs/pub46366.pdf
  • BeyondCorp 6: Building a Healthy Fleet: https://www.usenix.org/system/files/login/articles/login_fall18_05_king.pdf


MS2: Access Control for IoT devices
Tutor: Mohit Sethi

Authorization and access control are important security requirements for any network. These requirements are perhaps even more critical for IoT networks because the attacks can potentially cause physical harm (digital locks in homes and hotels). 

Authentication and Authorization for Constrained Environments (ACE) is a working group at the IETF that is defining solutions to allow only authorized access to resources that are hosted on an IoT device. The current proposal [1] is based on the OAuth 2.0 framework.

At the same time, the oauth working group of the IETF is working on a solution [2] for using OAuth in browserless devices that do not have the necessary UI for typing in passwords (such as smart TVs and printers). The ARM mbed platform even provides an implementation of an OAuth based access control system for IoT devices [3].

In this seminar topic, the student is expected to summarize all the ongoing work in the area of access control for IoT devices. The student is also expected to provide a critical evaluation of the different solutions available. The student can identify gaps in the existing state-of-the-art and suggest new research/standardization work that remains to be done.

References:

  • Authentication and Authorization for Constrained Environments (ACE) using the OAuth 2.0 Framework (ACE-OAuth): https://tools.ietf.org/html/draft-ietf-ace-oauth-authz-17
  • OAuth 2.0 Device Flow for Browserless and Input Constrained Devices: https://tools.ietf.org/html/draft-ietf-oauth-device-flow-13
  • https://community.arm.com/arm-research/b/articles/posts/mbed-secure-device-access-enhancing-iot-device-management-with-user-authentication-and-fine-grained-access-control


MS3: CoAP Congestion control and DoS attacks
Tutor: Mohit Sethi

Constrained Application Protocol (CoAP) [1] is an application layer communication protocol designed for resource-constrained IoT devices. CoAP is based on the Representational State Transfer (REST) architecture and provides a generic request-response interaction model similar to the HyperText Transfer Protocol (HTTP). Unlike HTTP, messages in CoAP are exchanged asynchronously over an unreliable datagram-oriented transport such as UDP, with optional reliability.

Services that run unprotected over UDP are vulnerable to unknowingly becoming part of a DDoS attack, as UDP does not require a return routability check. An attacker can easily spoof the source IP of the target entity and send requests to such a service. This can be used for large-scale DDoS attacks on the target. The situation becomes even worse if the service returns a response that is orders of magnitude larger than the request. DNS servers have been widely used for DDoS amplification attacks. It has been observed that NTP servers, which also run on unprotected UDP, have been used for DDoS attacks [1]. The responses from NTP servers used in the attack were found to be 19 times larger than the request.

Recent reports [2] document how, with the growing adoption of CoAP, there is a major risk to the Internet infrastructure from convenient reflective DoS attacks. Other CoAP-based protocols and systems such as Resource Directory (RD) [3] and pub-sub broker [4] are potentially even more vulnerable to amplification. For example, resource directory responses to wild-card lookups are potentially vulnerable if run with CoAP over UDP. Since there is no return routability check and the responses can be significantly larger than requests, resource directories can unknowingly become part of a DDoS amplification attack.

Congestion control for protocols that rely on UDP is also challenging. There is a proposal for congestion control in CoAP [5] but it does not meet the IETF requirements specified in RFC 5033. 

In this seminar topic, the student is expected to summarize the different DoS attacks that can be launched against CoAP. The student is also expected to document the challenges to congestion control for protocols that run over UDP and mechanisms that have been suggested to alleviate these.

References:

  • http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-5211
  • https://documents.trendmicro.com/assets/white_papers/wp-the-fragility-of-industrial-IoTs-data-backbone.pdf
  • https://tools.ietf.org/html/draft-ietf-core-resource-directory-18
  • https://tools.ietf.org/html/draft-ietf-core-coap-pubsub-05
  • https://tools.ietf.org/html/draft-ietf-core-cocoa-03


PK: Is Narrowband-IoT an efficient alternative for large-scale connected devices systems?

Tutor: Pranvera Kortoci

Narrowband IoT (NB-IoT) is a Low Power Wide Area Network (LPWAN) narrowband radio technology standard developed for the IoT by 3GPP. NB-IoT stands out among other LPWAN technologies such as Sigfox and LoRa for its low latency and quality of service. The student 1) carries out an exhaustive literature review on NB-IoT; 2) identifies the main advantages and drawbacks of the technology as a function of application scenarios; 3) searches for and presents cases of real-world deployment of systems that rely on NB-IoT; and 4) produces a proof-of-concept implementation.

References: 

  • http://www.3gpp.org/news-events/3gpp-news/1785-nb_iot_complete
  • "A survey on LPWA technology: LoRa and NB-IoT", Rashmi Sharan Sinha, Yiqiao Wei, and Seung-Hoon Hwang. https://www.sciencedirect.com/science/article/pii/S2405959517300061
  • "Narrowband internet of things: Implementations and applications", Jiming Chen, Kang Hu, Qi Wang, Yuyi Sun, Zhiguo Shi, Shibo He. https://ieeexplore.ieee.org/abstract/document/8076876
  • "Coverage and Capacity Analysis of LTE-M and NB-IoT in a Rural Area", Mads Lauridsen, Istvan Z. Kovacs, Preben Mogensen, Mads Sorensen, Steffen Holst. https://ieeexplore.ieee.org/abstract/document/7880946

RW: How deep is the learning used in wireless communications? Can we go deeper?

Tutor: Risto Wichman

Deep learning has become a potential tool for solving hard problems in many disciplines, and wireless communications is not an exception. But which problems have already been targeted/solved using deep learning? What are the pros and cons of deep learning in those cases? Can we do better (e.g., any approach that combines deep learning with existing methods)? Can we find an interesting problem in wireless communications to which deep learning can be applied and has not been applied before?

References:

  • Deep Learning in Mobile and Wireless Networking: A Survey, https://arxiv.org/pdf/1803.04311
  • An Introduction to Deep Learning for the Physical Layer, https://arxiv.org/pdf/1702.00832


SM: Privacy-Preserving Machine Learning using trusted hardware
Tutor: Samuel Marchal

Machine learning (ML) models require extensive work and large amounts of data to be fine-tuned for a specific task. As such, they represent intellectual property and a business advantage for their owner, and they need to be protected from “stealing”. One approach to protecting the confidentiality of an ML model is to isolate it from the clients who use it for prediction. This isolation can be done by hosting models in the cloud or in isolated hardware components provided by a trusted execution environment (TEE).

TEEs provide a wide range of functionality to enhance the security of machine learning applications. They can protect the privacy of client input as well as the confidentiality of the model. They can protect the privacy of the training data used to train a model. They can also be used to check the inputs to an ML model.

The goal of this seminar topic is to survey the existing work done in using TEE to improve the security and privacy of machine learning applications. A second point is to identify gaps in the research done to date and identify novel directions to explore for applications of TEE to ML security. 

References: 

  • Efficient Deep Learning on Multi-Source Private Data https://arxiv.org/abs/1807.06689
  • A Demonstration of Sterling: A Privacy-Preserving Data Marketplace http://www.vldb.org/pvldb/vol11/p2086-hynes.pdf
  • MLCapsule: Guarded Offline Deployment of Machine Learning as a Service https://arxiv.org/abs/1808.00590
  • Slalom: Fast, Verifiable and Private Execution of Neural Networks in Trusted Hardware https://arxiv.org/abs/1806.03287
  • Securing Input Data of Deep Learning Inference Systems via Partitioned Enclave Execution. https://arxiv.org/abs/1807.00969
  • Chiron: Privacy-preserving Machine Learning as a Service. https://arxiv.org/abs/1803.05961
  • Oblivious Multi-Party Machine Learning on Trusted Processors. https://www.usenix.org/conference/usenixsecurity16/technical-sessions/presentation/ohrimenko
  • Reverse engineering convolutional neural networks through side-channel information leaks, https://doi.org/10.1145/3195970.3196105


SR1: Defense against server breach attacks
Tutor: Sid Rao

Token-based authentication and one-time password systems provide additional security over the traditional way of authenticating to an online service using usernames and passwords. Both of these systems require storing cryptographic secrets on the server, which then becomes a single point of failure.

In this topic, the student will explore the defensive mechanisms that rely on threshold cryptography [1] and hash chains [2] to defend against server breach attacks. The student is expected to do a literature review comparing the defenses in terms of their practical adaptability, usability and security guarantees.

References: 

  • Agrawal, Shashank, et al. "PASTA: PASsword-based Threshold Authentication." Proceedings of the 2018 ACM SIGSAC Conference on Computer and Communications Security. ACM, 2018.
  • Kogan, Dmitry, Nathan Manohar, and Dan Boneh. "T/Key: Second-Factor Authentication From Secure Hash Chains." Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security. ACM, 2017.


SR2: Analysis of fallback authentication mechanisms
Tutor: Sid Rao

Fallback authentication or "recovery mechanisms" allow users to regain control over their online services when one or more of the authentication factors are lost or forgotten. It is a natural human tendency to forget or mishandle security credentials, and such recovery mechanisms are useful for retaining possession of online services. However, they may significantly reduce the security of the system if not handled carefully. Some sample research questions are as follows:

 - do online services rely only on 'security questions'? (Such questions are often prone to social engineering attacks or trusted friend attacks)

 - do they ignore additional security measures (e.g. second factors) during account recovery?

 - under what circumstances is account recovery impossible? (or when does an account get locked?)

The student is expected to carry out a small survey and comparative analysis of the recovery mechanisms offered by some of the popular online services (e.g. Facebook, Gmail, Twitter). The student is free to formulate their research question based on the existing literature either from (usable) systems security [1, 2, 3] or from human computer interaction [4]. Looking at the framework by Bonneau et al. [5] may also be helpful when writing the final report.

P.S: More than one student can take this topic depending on their research approach (specific to thematic area e.g. HCI, user study, or systems security) and deliverables.

References:

  • Rabkin, Ariel. "Personal knowledge questions for fallback authentication: Security questions in the era of Facebook." Proceedings of the 4th symposium on Usable privacy and security. ACM, 2008.
  • Just, Mike, and David Aspinall. "Personal choice and challenge questions: a security and usability assessment." Proceedings of the 5th Symposium on Usable Privacy and Security. ACM, 2009.
  • Stavova, Vlasta, et al. "Codes v. People: A comparative usability study of two password recovery mechanisms." IFIP International Conference on Information Security Theory and Practice. Springer, Cham, 2016.
  • Hang, Alina, et al. "I know what you did last week! do you?: Dynamic security questions for fallback authentication on smartphones." Proceedings of the 33rd Annual ACM Conference on Human Factors in Computing Systems. ACM, 2015.
  • Bonneau, Joseph, et al. "The quest to replace passwords: A framework for comparative evaluation of web authentication schemes." 2012 IEEE Symposium on Security and Privacy. IEEE, 2012.


SS1: Active/Continuous authentication for mobile devices 

Tutor: Sanna Suoranta

Patel et al. have published a survey on continuous user authentication methods and discuss their benefits and drawbacks. In this work, the student chooses a technique and finds more information on how the system currently works in practice and whether there are solutions for the problems listed in the article below.

References:

  • Vishal M. Patel, Rama Chellappa, Deepak Chandra, and Brandon Barbello. Continuous User Authentication on Mobile Devices, Recent Progress and Remaining Challenges. IEEE Signal Processing Magazine, 1 July 2016. DOI: 10.1109/MSP.2016.2555335 


SS2: Electronic identification for citizens
Tutor: Sanna Suoranta

Many countries provide strong authentication solutions that are used in services for their citizens. Some of these authentication solutions are open for other service providers, too. Furthermore, Estonia provides e-identity to citizens of other countries. In this work, the student should find out the current situation in chosen countries of interest.

References:


TA1: Bluetooth LE locator and security and privacy

Tutor: Tuomas Aura

It is possible to buy key fobs and various other locator products that help the owner to keep track of their personal belongings. The device can help in finding lost personal items and alert the owner about possible theft, and it can support other location-based applications. The locators typically communicate with the user’s phone over a Bluetooth Low Energy link. The goal of this seminar project is to analyze the security and privacy issues related to such locators. Can they be used to track the user? Can a thief prevent the alarm?

References:

  • https://www.bluetooth.com/specifications/bluetooth-core-specification 
  • https://iqdevices.com/pdfFiles/BLE101-FINAL-053014.pdf
  • https://ieeexplore.ieee.org/abstract/document/7102480
  • https://www.amazon.com/s/ref=nb_sb_noss_2?url=search-alias%3Daps&field-keywords=bluetooth+locator


TA2: GPS jamming and spoofing

Tutor: Tuomas Aura

It was reported in the autumn of 2018 that Russia had jammed the GPS signal during a NATO military exercise in Northern Scandinavia. However, the news reports had no technical details of the jamming, either on how it was implemented or on its effect. This made it difficult for reporters and the public to know how real or serious the claimed attack was. The goal of this seminar project is to find information in open literature on jamming and spoofing attacks against GPS and other satellite navigation systems. The focus should be on the technical implementation, cost, effectiveness, and detectability of the attacks. Some knowledge of radio technology and mathematics would be highly beneficial for this work.

References:

  • https://www.gpsworld.com/norway-finland-suspect-russia-of-jamming-gps/
  • http://poepper.net/papers/ccs139-tippenhauer.pdf
  • https://www.researchgate.net/profile/Alan_Grant5/publication/228897052_GPS_Jamming_and_the_Impact_on_Maritime_Navigation/


TB1: Email security

Tutor: Thanh Bui

Email validation mechanisms, such as DMARC, SPF and DKIM, have done a great job in filtering spam emails. However, they also cause problems for genuine emails. For example, mailing lists might not work in the presence of DMARC. The goal of this seminar topic is to survey email validation techniques to see how they work, what problems they can cause, and how the problems can be fixed.

References:

  • DKIM, https://tools.ietf.org/html/rfc6376
  • SPF, https://tools.ietf.org/html/rfc7208
  • DMARC, https://tools.ietf.org/html/rfc7489
  • DMARC Secured Your Email Identity, But See How it Ruined Mailing Lists, https://www.sam.today/blog/dmarc-secured-your-email-identity-but-see-how-it-ruined-mailing-lists/


TB2: Native code security

Tutor: Thanh Bui

Writing secure code is essential for any software engineer. The goal of this seminar topic is to survey common code vulnerabilities in C/C++ and the techniques or coding practices that can be used to mitigate those vulnerabilities. There are various types of vulnerabilities in C/C++ (e.g. buffer overflow, format string errors, integer overflow, and race conditions); the student can focus on just one or a couple of them.

References:

  • https://sgros-students.blogspot.com/2017/01/vulnerabilities-in-cc-code.html
  • https://security.web.cern.ch/security/recommendations/en/codetools/c.shtml
  • https://wiki.sei.cmu.edu/confluence/pages/viewpage.action?pageId=88046682


TG: Automatic detection of rumor from social media
Tutor: Tommi Gröndahl

Rumors spread rapidly in social media. Their automatic detection is a challenging task at the intersection of machine learning, natural language processing, and information security research. The seminar paper will be a survey of state-of-the-art methods in rumor detection from social media sites such as Twitter, based on both textual content and user-based features.

References:

  • https://www.researchgate.net/profile/Tetsuro_Takahashi2/publication/261264390_Rumor_detection_on_twitter/links/55cc873408aea2d9bdce4442/Rumor-detection-on-twitter.pdf
  • http://aclweb.org/anthology/P18-1184
  • https://www.researchgate.net/publication/304410294_Rumor_detection_in_twitter_An_analysis_in_retrospect
  • http://www.www2015.it/documents/proceedings/proceedings/p1395.pdf
  • https://pdfs.semanticscholar.org/0c1c/76df50ece162606f4aabf2536f41cd006ef4.pdf


VG: DNA Origami Nanostructures

Tutor: Vinay Gautam

DNA origami [1] enables the computer-assisted design and assembly of custom two-dimensional shapes. The design process is based on folding of a long single viral strand called scaffold strand using hundreds of short synthetic strands called staple strands.

The goal of this seminar topic is to review the design principles of DNA origami, focussing on programmable and scalable design principles that involve hierarchical and staged self-assembly approaches [2,3]. The student is encouraged to study and understand the design process of hierarchical DNA origami shapes using the FracTile compiler [4] simulation tool; however, this is optional.

References:

  • Rothemund, Paul W. K., “Folding DNA to create nanoscale shapes and patterns”, Nature, vol. 440 (297-), March 2006.
  • Petersen, Philip, Qian, Lulu, “Programmable disorder in random DNA tilings”, Nature Nanotechnology, vol. 12 (251-), Nov. 2016.
  • Tikhomirov, Grigory, Petersen, Philip, Qian, Lulu, “Fractal assembly of micrometre-scale DNA origami arrays with arbitrary patterns”, Nature, vol. 552 (67-), Dec. 2017.
  • http://qianlab.caltech.edu/FracTileCompiler/



VH: Microservices for IIoT applications

Tutor: Vesa Hirvisalo

The vision in Industrial Internet of Things (IIoT) is the integration of massively deployed smart computing and network technologies covering several industrial areas (factory and process automation, traffic, etc.). The tradition in many IIoT areas has been to use highly specialized and complex subsystems [1]. Microservices are seen by many as a viable approach for creating IIoT applications that are scalable, dependable, secure, and maintainable.

Microservice architectures [2] are a way of making applications by using small services that may be deployed and scaled independently of each other. In addition to the architectural pattern, microservices are also a way of thinking and an approach to system design, which differs from classical divide-and-conquer methods. Microservices emphasize coordination without transactions or complex highly specialized protocols. Microservices represent cloud-native thinking and favor technology-agnostic protocols and interfacing.

The task is to make an overview of the microservice approach for IIoT. The overview can also include experimental work, but it should base its findings on a survey of the techniques.

References: 

  • H. Xu, W. Yu, D.W. Griffith, N.T. Golmie. A Survey on Industrial Internet of Things: A Cyber-Physical Systems Perspective. IEEE Access, vol 6, Dec 2018. doi:10.1109/ACCESS.2018.2884906
  • W. Hasselbring. Microservices for Scalability: Keynote Talk Abstract. ICPE, 2016. doi:10.1145/2851553.2858659

VTB1: Software Defined Radios in IoT

Tutor: Verónica Toro-Betancur

Software defined radios (SDRs) allow flexible communication in terms of frequency, modulation and protocol. However, they are not the first option for IoT applications. For this topic, the student should focus on the use of SDRs in IoT deployments and conclude, based on technical aspects, whether SDRs could compete with the most popular communication protocols and technologies.

References: 

  • Y. Park et al. “Software Radio on Smartphones: Feasible?” The 15th Workshop on Mobile Computing Systems and Applications. 2014, 17:1–17:6.
  • M. Centenaro, L. Vangelista, A. Zanella, and M. Zorzi. Long-range communications in unlicensed bands: the rising stars in the IoT and smart city scenarios. IEEE Wireless Communications, 23(5):60–67, October 2016.

VTB2: Survey on machine learning for signal detection

Tutor: Verónica Toro-Betancur

The task is to review different machine learning techniques applied to signal detection and the identification of signal features. The modulation classification problem has been widely covered in the literature; however, this work should not only focus on that but also on the identification of other features such as communication protocol, frame size, center frequency and bandwidth.

References: 

  • C. M. Watson, Signal detection and digital modulation classification-based spectrum sensing for cognitive radio, Ph.D. thesis, Northeastern University (2010).
  • A. Hazza, M. Shoaib, S. A. Alshebeili, A. Fahad, An overview of feature-based methods for digital modulation classification, in: 2013 1st International Conference on Communications, Signal Processing, and their Applications (ICCSPA), 2013, pp. 1–6. doi:10.1109/ICCSPA.2013.6487244.
  • A. M. Farrukh Javed, Imran Shafi, A novel radio mode identification approach for spectrum sensing in cognitive radios, International Journal of Communication Networks and Information Security (IJCNIS) 4 (2) (2012) 86–90.

Last modified: Friday, 11 January 2019, 7:13 PM