Need Help Selecting Topics on Computer Security & Networking

Security? Why not try the latest developments on the crack of DRM? I would concentrate on Blu Ray and HD DaVinci cracking that has recently came out.

Networking? Why not Internet2 and the improvements on the TCP/IP spec?

Or you can look at ways to improve the range of Wi-fi networks via Meshes etc.

 

You can probably find quite a few articles on how Vista handles networking and security.

 

tons of articles on DRM (Digital Rights Management).

 

In the networking/telecom, the two hottest technologies right now are Voice over IP and MPLS.

 

I would suggest Hardware Virtualization and open source community. Tons of stuff out there for that.

 

Here is a pretty recent news:
Chinese Prof Cracks SHA-1 Data Encryption Scheme

It can be a really good topic to talk about since the SHA-1 encryption includes the popular MD5 algorithm, which are being used in many bank and government computers.

 

As has become distressingly common on Slashdot, there is actually an awful lot that's incorrect about this story / its summary. Among other things, this is not very recent news. The original weaknesses were discovered in February 2005, and were refined and presented in August, 2005. It's not a crack of SHA-1 exactly -- it's actually just a weakness, which I note below.

SHA-1 is not encryption, it is a hash algorithm. It has some commonality with MD5 (another hash algorithm), but the two are distinct and separate entities. There are some similarities between hashes and encryption, but they are definitely not the same thing. Briefly, the difference is as follows:

- An encrypted message contains the ciphertext of a plaintext. As such, if Alice were to encrypt a message "Hello" and send it to Bob, he would need to know the key that can be used to decrypt the message. If Eve (the eavesdropper) were to intercept the message, without the key, she would not be able to read the message. Thus, if Bob and Alice have appropriate keys shared (either symmetrical or asymmetrical, depending), they can use those keys to send secrets. Encryption provides confidentiality, but it is not designed to provide integrity.
- A hashed message does not contain the original message, but rather, is a one-way digest of a message that does not allow the recipient of the hash to determine the original message. The idea is that it is computationally infeasible to find a message that creates a given digest, and computationally infeasible to find two messages that produce the same digest. The purpose of hashes is to provide integrity -- here's an example that you can try out at this great Javascript SHA-1 hash calculator.

Alice has a message that contains the word Hello. She hashes it with SHA-1, and it gives the hash: f7ff9e8b7bb2e09b70935a5d785e0cc5d9d0abf0. If she sends the message to Bob, he can hash it with SHA-1 and it should arrive at the same hash: f7ff9e8b7bb2e09b70935a5d785e0cc5d9d0abf0. That guarantees that the message has not been altered during transit. Now, if Trudy intercepts the message and changes it any any way (let's say she changes it from Hello to Hell), the hash will be different: ed10fe113de1c0bdaaaaf09b88cd341ea0f44428. When Bob gets the message, hashes, and finds out that it's not the same hash that Alice got, he knows that the file's integrity has been compromised, and it's not what Alice sent him. Hashes are basically fingerprints for files - no two files have the same fingerprint (within reason). Also note that no information about the length of the message is provided -- this is not the case with encryption.

Now, SHA-1 produces a 160 bit hash, which means that there are 2^160 possible hash values that exist. To brute-force the hash (find a message that gives the hash provided) would be computationally infeasible -- to find two messages with the same hash, you'd have to hash 2^80 messages. The weakness discovered in SHA-1 basically reduces this number to 2^69. Now, that's an AWFUL lot faster, but it's still an AWFULLY LONG time. Now, it wouldn't be a bad idea to use SHA-256 or SHA-512 when you want to use a hash algorithm, but it's not the end of the world by any means. It's still relatively computationally infeasible to find a collision in SHA-1.

Lil Pun -- some topics that are always timely and have lots of info are IPv6, VOIP and e911 (I did a paper on that in grad school and it was cool), RFID (lots of areas to go with here -- maybe RFID passports?), and phishing. Social Networking sites and privacy implications is pretty cool, as is bluetooth hacking/evesdropping. Or, you could go with the SHA-1 weakness, which is pretty interesting.

Here's some great links about the SHA-1 weakness:
http://www.schneier.com/blog/archives/2005/02/cryptanalysis_o.html
http://www.schneier.com/blog/archives/2005/08/new_cryptanalyt.html
http://www.heise-security.co.uk/articles/75686
http://www.hurwitz.com/index.php?option=com_content&task=view&id=96&Itemid=58
http://www.unixwiz.net/techtips/iguide-crypto-hashes.html (awesome article, but really abot MD5 weakness, not SHA-1)

 

poke around on slashdot.org