Call for Master's Students 2020/21
MSc Proposal 2020-21 / CA2
Title
Security and Trust Management for Censorship-Resistant Overlay Networks
Advisor
Nuno Santos
Objectives
Many states all over the world implement censorship mechanisms that prevent free access to information through the outright impairment or blockage of Internet communications. In our research team, we have built a tool, named Protozoa, which allows Internet users located in censored regions to piggyback on WebRTC-enabled streaming applications, such as Whereby.com, in order to establish covert tunnels that can circumvent said mechanisms. A user only needs to make a video call with a friend located in the free Internet region. That friend runs a proxy service that will allow all Internet traffic generated by Alice to securely and secretly cross the boundaries of the censored region and reach blocked services such as Youtube or Twitter. Based on this point-to-point hidden communication capability, our next step is to build CRON, a Censorship-Resistant Overlay Network that will allow those users that do not have direct contacts with trusted peers to access the free Internet region in a mediated fashion, i.e., by leveraging a friend of a friend as a proxy.
Specifically, the goal of this thesis is to design and implement the security monitor system that will supervise the communications between clients and proxies. These communications will take place by stitching up several Protozoa channels along the way which will constitute a covert circuit. This thesis will be concerned with all aspects of the system related with security and trust management issues. Security wise, it will be necessary to provide the means for: i) issuing location proofs for proxies (i.e., proxies must effectively be located outside the censored region), and ii) guaranteeing the end-to-end security of the circuit, preventing for instance man-in-the-middle attacks in between the connections of Protozoa channels. With respect to trust issues, it involves the development of mechanisms for both clients and proxies. On the one hand, clients need to be convinced that a friend of a friend can also be a trustworthy proxy (e.g., it is not a state-controlled agent). On the other hand, proxies need to be convinced that their services will not be abused by malicious clients for accessing illegal content which would make them liable to prossecution in their own countries (e.g., for facilitating access to child pornography). This system will be built on top of the Protozoa system. We expect this work to make original scientific contributions. The resulting system will be released as an open source project. If you like building distributed security systems, this is the right topic for you.
Requirements (e.g., grades, concluded courses)
Interest in security and distributed systems. Proficiency in C/C++ programming. Willingness to learn the Rust programming language. (The CRON system will most probably be implemented in Rust.)
Location
IST-Alameda (INESC-ID) or IST-Tagus
Observations
For more information about this project, please visit: https://www.gsd.inesc-id.pt/~nsantos/msc-topics/msc-topics-CA.html. This work will be performed in collaboration with Diogo Barradas, a PhD student with expertise in traffic analysis, censorship resistance systems, and machine learning.