You will be organizing yourselves into teams of 3 or 4 people.
Each person enrolled in the course will choose to be in exactly one such team.
With a total class enrollment of about 20, and 4 members per team, this will
give us 20/4=5 teams.
The responsibilities of each group will be:
- Decide on the team members (Please do not form teams of less than 3
people; 4 is better.)
- Decide on a research topic (see below)
- Inform me of:
- The identities of the members of the group
- The topic to be researched
- The expected level of detail of the results
in the form of a proposal.
I will approve/clarify the topic, or suggest changes, to ensure that each
research topic is roughly comparable, and to try to avoid overlapping topics
- The group will do research on the topic, using resources such as:
- The course textbook
- Libraries (also, see the course bibliography)
- Group members' or colleagues' expertise/knowledge
- Internet resources (web sites, etc.)
- Vendor contacts
In some cases, the research
will involve actual implementation, depending on the level and detail of
- During the research, the group will keep track of the activities via a
log, and identify which team members did what, and when. (I want to
ensure that each team member pulls his/her weight.)
- The team will submit an update on the status of the project approximately
halfway through the course (see the course schedule). This is to
ensure that reasonable progress is being made, and is in each team's own
interest. This status update report does not need to be long, but it
does need to convince me that progress is being made and that the team looks
like it will be able to accomplish its goals by the due date. If there
are problems, then the team will need to show me what corrective action is
- The team will present its findings in a written report in Word document
format, due at the last class (finals week class)
(Note: I'll be looking for content, not volume -- I prefer quality
over quantity. I don't want to read large amounts of text, but I do
want it to contain real "meat" and little "fat", and to
be well organized.)
The report will contain an accounting of which team members contributed what
to the project. It will also contain citations on where the
information was gathered (books, web sites, vendors' literature, private
What's a research topic? Here are some basic ideas:
- Research a chosen topic to discover the principles and concepts of that
topic. In this case, the final report would include a good explanation
of those principles and concepts, with examples of how they are, or might
be, applied. Here are some possible approaches:
- If the topic is relatively small, then the material produced will be
expected to be detailed, with as many practical examples as possible
- If the topic is a large one, then the material produced will, of
necessity, be of a broader nature, and the depth will not be expected to
be as great as above.
- One possibility might be to learn about a product in detail, and
explain, on a practical level, how to use that product. Using PGP
might be a good choice, for example. Another might be a detailed
study of Java Security.
- Actually implement something for a particular topic. For example,
you could write a program that implements a well-known encryption cipher
algorithm (if it's a block cipher, then you'd have to implement some kind of
mode of operation), and use it to, say, encrypt a message and send it to
someone in email. The recipient would then decrypt the message and
ensure that it truly is the original plaintext.
If the topic chosen is covered in the course textbook, then you will need to
show that you have studied the topic in depth, and not merely reformulated the
Here are some potential research topics to consider (in no particular order):
- Detailed description of a cryptographic cipher:
- The Enigma machine and how it was broken
- The Purple machine and how it was broken
- Elliptic Curve Cryptography/Ciphers
- Quantum Cryptography
- Detailed study of a security product or major security function:
- Electronic Mail
- Description/Analysis of the mathematics behind a major security feature:
- Elliptic Curves
- Polynomial Arithmetic with Coefficients in Zp
- Finite Fields of the form GF(2n)
- Description/Analysis of:
- Security issues in a networked environment
- Security issues in a web environment
- Network/Web hacking and how to secure your site against such attacks.
- Implementation of some security feature(s):
- A contemporary block cipher, together with one or more non-trivial
modes of operation (more than just ECB)
- Hash Functions/Algorithms
- Your own topic idea!
If you are researching something large and complex, then you should plan on
giving a detailed overview, perhaps with simple examples. On the other
hand, if you choose something of smaller scope, then I will expect something
For example, say you chose to research Java Security.
In that case, I think that it would be appropriate to download the appropriate
Java software and actually implement something in Java to show how itís done,
and provide examples.
On the other hand, if you chose to do a comparative study
of a number of security products (or major features), then you probably
couldnít do as much specific work. In that case, I expect more
explanation to show you've understood the principles and concepts
When you submit your initial proposal, I expect you to give
me a good idea of the level of detail you expect to provide in the final report.
So, you should try to make a balance between being too simple and not doing
enough versus overreaching and trying to do too much. Because you're
likely not to understand the scope of the project at the very beginning, until
you've done some actual research, it's OK to make an initial estimate in the
initial proposal and then refine the estimates as time progresses. That's
the type of thing you can provide in the project status update.