School of Computer Science and Statistics
Stephen Farrell Due to the potential damage a cryptrographically relevant quantum computer could do to uses of widely used asymmetric cryptographic algorithms, a range of new “post-quantum” algorithms have been developed and are being widely deployed, e.g. in TLS in web browsers. This project is to investigate potential timing issues with implementations of such algorithms, likely reproducing … Read more
We have forks or PRs for adding ECH to each of the above-named servers, however it would be nice to also have some ECH tests to go with those, e.g. using selenium and a headless browser to check browser interoperability. The project is therefore to develop such a test setup that could be integrated with … Read more
We contributed the code for the experimental Encrypted Client Hello (ECH) feature to the curl project. As curl is just a client, current ECH tests require use of an external ECH-enabled server, which is undesirable. The project’s goal is to make progress on devloping curl ECH tests, which likely requires development of a test server … Read more
Email is inherently a delay-tolerant application. However, modern email deployments involve online checks used by anti-spam mechanisms, non-standard UA/MS interactions, MFA client authentication and hop-by-hop encryption all of which can be problematic in the face of high delays or disruptions, and perhaps especially at scale. The project here is to analyse how significant delay and … Read more
Scanning public-facing Internet services in order to detect security- and privacy-relevant patterns and problems is becomming well-trodden ground. Typical studies attempt Internet-scale IPv4 scans, e.g., to detect uses of outdated ciphers in uses of the Transport Layer Security (TLS) protocol. More local scans (e.g., https://eprint.iacr.org/2018/299) could however produce results that are easier to translate into … Read more
The project is to survey censorship measurement tools and data sets (e.g. https://ooni.org/ and similar), to compare and contrast those, and then use some subset of the identified tooling and data to compare the censorship situation for Internet users based in Ireland against the position of users based in some other country, to be agreed … Read more