The project consists of a software implementation and demonstration of your method to make "your
data processing application" secure against attacks that we have studied in this class, including at
least data eavesdropping, data modification and data replay. Your project should consist of the
1) Choose your data processing application; suggestions include the following:
1. Party1 e-mails a message to Party2,
2. Party1 posts a web page on the internet that (some or all) other Parties can read,
3. Party1 posts a blog on an internet page that (some or all) other Parties can read,
4. Party1 stores on and later retrieve files from a cloud server,
5. Party1 stores files on a cloud server and later allows other Parties to retrieve (some of) them,
6. Party1 posts messages and/or files on a social network that (some or all) other Parties can
7. your favorite data processing application (if approved by the instructor).
2) Analyze how attacks studied in this class, including at least data eavesdropping, data modification
and data replay, impact the security, functionality, and/or efficiency of your data processing
application; in other words, what can go wrong as a consequence of one or more of these attacks.
3) Design methods to protect your data processing application against as many of these attacks as
possible. Your methods should be based on cryptographic primitives studied in our class.
4) Implement your cryptography methods in C or C++ , based as much as possible on open-source
software libraries (e.g., OpenSSL, Crypto++, etc.), and combined as much as possible with a real-life
data processing application (e.g., a real-life email, cloud storage, web application). Unleash your
creativity in performing this combination, with the understanding that any combination will be
acceptable. Implement your non-cryptography methods, if any, using your favorite programming
language. You are not required to use software from your chosen real-life data processing
application (if you do, that's essentially considered extra credit). Your methods should keep the
data processing functionality (that is, your method should preserve your data processing
integrity attack detection,
replay attack detection, and
Before starting implementation, you have the option to check your design with the instructor.
5) Prepare a project presentation file (using, for instance, Microsoft Powerpoint) including a detailed
description of above steps 1-4, together with a demonstration (using videos or screenshots) of how
your methods work in conjunction with the specific real-life data processing application. In your
demonstration, you might likely need to run the real-life data processing application.
Your submission will be judged based on the following project grading criteria:
1. Application choice (i.e., if you chose a real-life data processing application, how interesting is the
2. Security analysis (i.e., if you analyzed all or at least the most important attacks to the chosen data
processing application, etc.)
3. Design validity (i.e., if you chose appropriate cryptographic primitives, if the schemes instantiating
the primitives and their key length parameters are valid choices in terms of security and efficiency)
4. Implementation validity (i.e., if your software, after inspection of the presentation demonstration
and some amount of testing, seems to satisfy correctness; if your software is easy to use / run, has a
well-written readme file, etc.)
5. Demonstration/presentation quality (i.e., if the presentation is well written and insightful, if the
demonstration is clear and insightful, etc.).