Team Research Project

Home ] Up ] Cracking a Simple Cipher ] Cracking Classic Ciphers ] Probability ] [ Team Research Project ]

 

Description

You will be organizing yourselves into teams of 3 or 4 people.   Each person enrolled in the course will choose to be in exactly one such team.  With a total class enrollment of about 20, and 4 members per team, this will give us 20/4=5 teams. 

The responsibilities of each group will be:

  1. Decide on the team members (Please do not form teams of less than 3 people;  4 is better.)
  2. Decide on a research topic (see below)
  3. Inform me of:
    1. The identities of the members of the group
    2. The topic to be researched
    3. The expected level of detail of the results

    in the form of a proposal.   I will approve/clarify the topic, or suggest changes, to ensure that each research topic is roughly comparable, and to try to avoid overlapping topics across teams.

  4. The group will do research on the topic, using resources such as:
    • The course textbook
    • Libraries (also, see the course bibliography)
    • Group members' or colleagues' expertise/knowledge
    • Internet resources (web sites, etc.)
    • Vendor contacts
    • etc.

    In some cases, the research will involve actual implementation, depending on the level and detail of study.

  5. During the research, the group will keep track of the activities via a log, and identify which team members did what, and when.  (I want to ensure that each team member pulls his/her weight.) 
  6. The team will submit an update on the status of the project approximately halfway through the course (see the course schedule).  This is to ensure that reasonable progress is being made, and is in each team's own interest.  This status update report does not need to be long, but it does need to convince me that progress is being made and that the team looks like it will be able to accomplish its goals by the due date.  If there are problems, then the team will need to show me what corrective action is being taken.
  7. The team will present its findings in a written report in Word document format, due at the last class (finals week class)
    (Note: I'll be looking for content, not volume -- I prefer quality over quantity.  I don't want to read large amounts of text, but I do want it to contain real "meat" and little "fat", and to be well organized.)
    The report will contain an accounting of which team members contributed what to the project.  It will also contain citations on where the information was gathered (books, web sites, vendors' literature, private communications, whatever.)

Research Topics

What's a research topic?  Here are some basic ideas:

  1. Research a chosen topic to discover the principles and concepts of that topic.  In this case, the final report would include a good explanation of those principles and concepts, with examples of how they are, or might be, applied.  Here are some possible approaches:
    • If the topic is relatively small, then the material produced will be expected to be detailed, with as many practical examples as possible
    • If the topic is a large one, then the material produced will, of necessity, be of a broader nature, and the depth will not be expected to be as great as above.
    • One possibility might be to learn about a product in detail, and explain, on a practical level, how to use that product.  Using PGP might be a good choice, for example.  Another might be a detailed study of Java Security.
  2. Actually implement something for a particular topic.  For example, you could write a program that implements a well-known encryption cipher algorithm (if it's a block cipher, then you'd have to implement some kind of mode of operation), and use it to, say, encrypt a message and send it to someone in email.  The recipient would then decrypt the message and ensure that it truly is the original plaintext.

If the topic chosen is covered in the course textbook, then you will need to show that you have studied the topic in depth, and not merely reformulated the information.

Here are some potential research topics to consider (in no particular order):

  • Detailed description of a cryptographic cipher:
    • The Enigma machine and how it was broken
    • The Purple machine and how it was broken
    • Elliptic Curve Cryptography/Ciphers
    • Quantum Cryptography
    • etc.
  • Detailed study of a security product or major security function:
    • Kerberos
    • PGP
    • IPsec
    • SSL/TLS
    • Electronic Mail
    • etc.
  • Description/Analysis of the mathematics behind a major security feature:
    • AES
    • Elliptic Curves
    • Polynomial Arithmetic with Coefficients in Zp
    • Finite Fields of the form GF(2n)
    • etc.
  • Description/Analysis of:
    • Security issues in a networked environment
    • Security issues in a web environment
    • Network/Web hacking and how to secure your site against such attacks.
    • etc.
  • Implementation of some security feature(s):
    • A contemporary block cipher, together with one or more non-trivial modes of operation (more than just ECB)
    • Hash Functions/Algorithms
    • etc.
  • Your own topic idea!

If you are researching something large and complex, then you should plan on giving a detailed overview, perhaps with simple examples.  On the other hand, if you choose something of smaller scope, then I will expect something more specific.

For example, say you chose to research Java Security.  In that case, I think that it would be appropriate to download the appropriate Java software and actually implement something in Java to show how it’s done, and provide examples.

On the other hand, if you chose to do a comparative study of a number of security products (or major features), then you probably couldn’t do as much specific work.  In that case, I expect more explanation to show you've understood the principles and concepts

When you submit your initial proposal, I expect you to give me a good idea of the level of detail you expect to provide in the final report.   So, you should try to make a balance between being too simple and not doing enough versus overreaching and trying to do too much.   Because you're likely not to understand the scope of the project at the very beginning, until you've done some actual research, it's OK to make an initial estimate in the initial proposal and then refine the estimates as time progresses.  That's the type of thing you can provide in the project status update.

This page was last changed on January 15, 2005