一、招生对象

信电学院在读优秀2016级、2017级本科生

二、项目详情

1.

Project: A Learning-Based Approach for Detecting TLS/SSL Attack

Position:2-3 interns

Description:  

TLS/SSL protocolsare proposed to preserve the privacy of sensitive information communicated between client and server through encryption. Nevertheless,TLS/SSL protocols suffer from both design and implementation vulnerabilities, which enables Man-in-the-Middle attackers to compromise the privacy even without getting the encryption/decryption keys. Experiments have proved that the attacks such as Poodle, Breach, Beast, and Logjam can compromise the communication. Even worse, the attacks are hidden with encryption, which makes existing intrusion detection techniques ineffective.  

In this project, we aim to detect when and whether the TLS/SSL attack is happening as well as the construction of adversarial counter attack. More specifically, we collect the normal and attack traffic, leverage RNN model to capture the language features of the traffics and predict the traffic according to our model. Moreover, we are also investigating how the attacker can construct an adversarial attack to bypass our model. The adversarial attacks can be used to enhance the training accuracy of our machine-learning model. 

In summary, we need to achieve the following objectives:

·         Implement a variety of TLS/SSL attacks and experiment real attack in the field.

·         Construct a data set which includes a variety of normal and attack traffic.

·         Build up an RNN model which could well predict the encrypted traffic and classify normal and attack traffic.

·         Build up an adversarial attack generator aiming for our RNN model.

Requirement：

·         Good at programming

·         Background in machine learning or deep learning

·         Better to have the background in network and security 

Major Advisor: Jinsong Dong, https://www.comp.nus.edu.sg/~dongjs/

Assistant Advisor: Yun Lin

2. 

Project: A Differential Fuzzing Approach towards TLS/SSL Libraries

Position:2-3 interns

Description:  

The reliability of TLS/SSL libraries such as OpenSSL, BoringSSL, WolfSSL, etc. is of vital importance as they are widely used in message encryption/decryption in modern web applications. Fuzzing has been proved to be an effective technique to identify the vulnerabilities of binaries. However, its application on TLS/SSL is limited for the following reasons: (1) Comparing to a binary string in traditional fuzzing, the input for TLS/SSL librariesis a sequence of message interactions, which makes state-of-the-art fuzzer like AFL hard to flip (or mutate), (2) Comparing to crash-based oracle, the output of TLS/SSL libraries are server response with error/correct message, thus we lack test oracle in practice. 

In order to address the above issue, we are proposing a differential fuzzing technique. The rationale is to take multiple version of TLS/SSL libraries, feed the same input (i.e., generated interactions) and observe the discrepancies between their output. Such a strategy is called differential testing/fuzzing in Security and Software Engineering research community. The goal of this project is to identify implementation bug or vulnerabilities in popular TLS/SSL libraries such as OpenSSL, BoringSSL, WolfSSL, etc.  

In summary, we need to achieve the following objectives:

·         Develop a fuzzing framework on socket communication functionalities for TLS/SSL libraries.

·         Develop a differential fuzzing platform towards TLS/SSL libraries.

·         Investigate the potential vulnerabilities in existing widely used TLS/SSL libraries.

Requirement：

·         Good at programming

·         Background in machine learning or deep learning

·         Better to have the background in network and security

Major Advisor: Jinsong Dong,  https://www.comp.nus.edu.sg/~dongjs/

Assistant Advisor: Yun Lin

3.

Project: BinaryAnalysisonU2F-Zero and other Firmwares

Position:2-3 interns

Description:  

U2F Zero is an open source U2F token for 2 factor authentication. It is implemented securely. It works with Google accounts, Github, Duo, and anything else supporting U2F. The latest version uses key derivation and has no limit on registrations. 

However, the binary analysis on U2F Zero has not been investigated yet, which will include the static analysis using tools such as IDA and dynamic analysis using other tools. It might be possible to find some security vulnerability of U2F Zero and raise the security concern from community. 

The work can be extended to the firmware of other U2F devices such as Yubikey, or other types of devices which support 7816 protocols. 

Objectives:

·         Complete the static analysis of  U2F-zero firmware

·         Try the dynamic analysis of U2F-zero firmware

·         Try the binary analysis for other U2F device such as Yubikey from Yubico

Requirement：

·         Good at programming

·         Background in binary analysis

·         Better to have the background in system security, computersecurity 

Major Advisor:  

YangLiu

Associate Professor and 2019 University Leadership Forum Chair

http://www.ntu.edu.sg/home/yangliu/ 

Assistant Advisor: TBD

4.

Project: Malware analysis on MIPS system

Position:2-3 interns

Description:  

Inthis project, we are going to explore the behaviors of malwares running on embedded systems with MIPS processor. The possible analysis will include static analysis, dynamic analysis, or check the file operations through SPI etc. 

In summary, we need to achieve the following objectives:

·         Learn how to use some analysis tools such as IDA

·         Build up a SPI data collector using some logic analyzer

·         Malware behavior analysis

Requirement：

·         Good at programming

·         Basic knowledge of operating system and embedded system

·         Background in machine learning or deep learning

·         Better to have the skills of reverse engineering

Major Advisor: ZhenkaiLiang, https://www.comp.nus.edu.sg/~liangzk/

Assistant Advisor: TBD

5.

Project: Remote fault attacks on embedded devices

Position: 2-3 interns

Description:  

Modern systems are equipped with several features to enhance user experience and advanced operation control. However, these features can be a security risk. Several vulnerabilities in systems have been exposed exploiting these so called features. Some relevant examples are Meltdown and Spectre attack on Intel CPU exploiting speculative execution [1,2], PIN recovery attack from zero-permission sensors on Android smartphones [3] or remote fault injection using rowhammer or dynamic voltage frequency scaling (DVFS) leading to privilege escalation [4,5].

The objective of this internship will be to explore new vulnerabilities exploiting DVFS, in particular targeted for cryptographic application. The work will start with validation of the vulnerability on an embedded ARM platform, followed by an exploitation application. Finally, the work can be extended to high-end Intel or AMD processors. The ideal candidate would require working knowledge of embedded systems and be at ease with playing with device settings and features. Previous experience in signal processing and machine learning will be needed for data analysis.  

Required skills:

1. Good level of spoken and written English

2. Previous experience with embedded C for device level programming, preferably Rasberry Pi.

3. Experience in either of high level language like Python or Matlab for data analysis

4. Creativity, hard working and problem-solving attitude.

6. 

Project: Exploring side-channel vulnerabilities in deep neural networks

Position: 2-3 interns

Description:

Deep learning has seen wide adoption across domains including applications like autonomous driving, smart city, smart factory etc. In simpler words, deep learning forms the smart component of all these paradigms. Therefore, it is of utmost importance that the used deep learning architecture  (DLA) must be secure and does not leak sensitive information of the underlying application [1,2].The project is aimed at conducting advanced research on embedded security and physical (side-channel and fault) attacks.

The desired outcomes of this internship project:

• Study of the state of the art vulnerabilities in DLA

• Develop DLA testbed for exploring vulnerabilities

• Report vulnerabilities and propose mitigrations

• Publications from the conducted study 

Required skills:

This is a research project, which would need a student with computer science background with essential hands-on experience in FPGA and GPU development. The candidate should be comfortable with the C/Verilog/Python development environment and curious to explore the domain. The work will require regular interaction with standard lab equipment like hardware boards etc., underlying software, device drivers and standard lab equipment (oscilloscopes).

The devices, which would be in the scope of study, are modern GPU and FPGA. The software will be either accompanied by the device or custom coded in open source language like Java, Python or C.The applicant role will be as follow:

• Setup the FPGA test bed (i.e. communicating software, device drivers)

• Conduct vulnerability exploration on the platform

• Document the findings

三、选拔方式

1. 将个人英文简历、英文成绩单、英语能力证明等材料合成一个pdf，命名为“新加坡国立暑期科研+名字”或者“新加坡南洋理工暑期科研+名字”，同时将申请表申请表.xlsx发送至钟老师邮箱zhongtingting@zju.edu.cn,截止时间4月28日。

注：简历中请务必说明与所申请项目有关的科研背景或理论基础。

四、说明

2、申请人本人承担主要费用，包括往返机票，公寓租住及日常开销等。该项目将获得学校一定额度（不超过2万元人民币）的资助。

如有疑问，可致电：钟老师87953027