13 Topics from Prof.Sasu (Applications and Services): 1

13 Topics from Prof.Sasu (Applications and Services):

1. CISCO LISP proposal LISP proposes a new tunneling mechanism to be used by the Internet's edge and core routers. The protocol logically separates a block of IP addresses that a company advertises into two functions: one for identifying the systems using the IP addresses; and the other for locating where these systems connect to the Internet. - Architecture and protocol overview - Discussion on security and mobility http://www.cisco.com/web/about/ac123/ac147/archived_issues/ipj_11-1/111_lisp.html - Recent article in IEEE Communications magazine, July, 2009. - OpenLISP http://conferences.sigcomm.org/sigcomm/2009/demos/sigcomm-pd-2009-final52.pdf

2. Application-layer traffic optimization - Summary and discussion of the survey paper in IEEE Communications Magazine, August, 2009 (no copy/paste). http://www.comsoc.org/livepubs/ci1/public/2009/aug/index.html

3. De-anonymizing the Internet Using Unreliable IDs Summary and discussion of Sigcomm 2009 paper (no copy/paste): http://ccr.sigcomm.org/online/?q=node/500

4. Persona: An Online Social Network with User-Defined Privacy Summary and discussion of Sigcomm 2009 paper (no copy/paste): http://ccr.sigcomm.org/online/?q=node/496

5. HTML 5.0 for Web applications HTML 5 is the next major revision of HTML. General survey of HTML 5.0 and the main features http://dev.w3.org/html5/spec/Overview.html

6. Messaging in HTML 5.0 Survey of communications features supported by HTML 5.0 The messaging system allows documents to communicate with each other regardless of their source domain. http://dev.w3.org/html5/spec/Overview.html http://dev.w3.org/html5/eventsource/ http://dev.w3.org/html5/websockets/

7. W3C Widgets - Summary of the Widgets API - Implications for mobile applications http://www.w3.org/TR/widgets/ http://dev.w3.org/2006/waf/widgets-api/

8. Applications using Publish/Subscribe Networking API - Several students can take this topic - Take an existing distributed application and sketch how it could be implemented using pub/sub API - PSIRP (www.psirp.org) - http://conferences.sigcomm.org/hotnets/2007/papers/hotnets6-final50.pdf

9. Qt technology - Qt is a cross-platform application development framework that is widely used to develop GUIs. - Overview of the programming environment - http://qt.nokia.com/

10. Scaling Web Services: Google MapReduce - MapReduce is a framework for supporting distributed computing on large data sets in clusters. - Hadoop implementation and others - labs.google.com/papers/mapreduce-osdi04.pdf

11. Scaling Web Services: Google BigTable - BigTable is a compressed, high performance, and proprietary database system. - labs.google.com/papers/bigtable-osdi06.pdf

12. Google Wave - Google Wave is a personal communication and collaboration tool. - Summary of Google Wave architecture and protocol. http://code.google.com/apis/wave/ http://www.waveprotocol.org/

13. OAuth - OAuth is an open protocol that allows secure API authorization on the Web. - Summary OAuth and latest developments - http://oauth.net/

################################################################################

3 Topics from Dr.Sakari (Software Business):

1. API management services and web-service marketplaces. The emergence of Web 2.0 concept and mashup applications in the Internet have increased the willingness of different service providers to offer open access to their systems API:s. For some companies as Twitter, API:s can actually draw more traffic then their websites. This complicates the releasing of API:s and makes good API management infrastructure necessity. Building and running API management service is expensive and difficult so a few companies have emerged to provide this functionality. Some of these companies also provide or are in position to provide web-service marketplaces as they handle billing for multiple API users and providers.

The study should cover the following issues: Overview of web services and marketplaces Identification API management and marketplace functionalities Case study of some API management providers and their businesses Analysis of future development

2. NFC in mobile ticketing Near Field Communication is a wireless short-range communication technology that is compatible with existing ISO/IEC 14443 smart cards and readers. These smart cards include, most notably, travel cards used worldwide in public transportation. Thus, bringing NFC technology into mobile phones allows using these handsets in place of travel cards, offering numerous benefits to both end users and service providers. However, while NFC has been found to be technologically mature, business-related issues have slowed down the deployment of the technology.

The study should cover the following issues: A literature overview of NFC in mobile ticketing applications Analysis of the related value network Substitutes for the NFC in mobile ticketing service and their relative benefits and disadvantages Case study of a commercial mobile ticketing deployment: Hanau, Frankfurt, or Japan (Mobile Felica)

3. Mobile social networking The business aspects related to the social networking solutions supporting mobility are currently of high interest. The existing service providers have started to provide mobile extensions to their solutions and several new entrants have started to be active in this business, too. The mobile platform provides new interesting features for the social networking like micro payments, positioning and increased reachability.

The study should cover following issues: Overview of mobile social networking Identification of relevant mobile specific service features Case study of Twitter Analysis of future development

################################################################################

8 Topics from Prof.Tuomas (Security):

1. Filtering DoS attacks in routers Distributed denial-of-service attacks aim to exhaust the capacity of target access link or server IP stack. In most cases, gateway routers are the first line of defense against such DoS attacks. For this purpose, the routers include DoS defense functionality for filtering unwanted packets.

The paper should describe the common packet-flooding DoS attacks and filtering mechanisms in routers.

2. Enforcing acceptable-use policies Internet service providers, workplaces and universities usually have an acceptable-use polity to limit the kinds of activities that users are allowed to undertake over their Internet connection. For example, some organizations ban P2P file sharing or access to pornography.

This paper should investigate the types of acceptable use policies exist, for example,at universities or companies, and what technical solutions exist to enforce them.

3. Sources of latency in wireless roaming Handoffs between wireless 802.11 access points, networks and wireless access technologies cause a delay in the transfer of application data. Most of the latency results from the need to authenticate and authorize the client. The paper should investigate the causes of authentication latency for wireless clients, how it affects different applications, and what can be done to control it.

4. The Mobile IP protocol and its extensions Mobile IP was the first standardized mobility protocol for the IP layer. It is already a fairly old protocol and has not been widely deployed, yet the basic architecture of Mobile IP has been the basis of many other mobility protocols for the Internet. This paper should describe Mobile IP and investigate the wide range of protocols that build on it.

5. Remote wiping of mobile devices Wireless phones and PDAs increasingly include a remote wiping mechanism that can be used to delete confidential data on the device after it has been lost or stolen. The paper should investigate how the remote wiping is implemented on existing devices, including the whole architecture from administration and key management to erasing memory contents. Optionally the paper may also cover wiping mechanisms from the literature or ones suggested by the author.

6. BitLocker drive encryption, its vulnerabilities and alternative solutions. Lost and stolen laptop computers have become a major security headache for businesses. Many of them contain confidential business plans or customer data. The BitLocker drive encryption in Windows addresses these concerns by encrypting the hard disk of a computer in such as way that when the computer is powered down, it is impossible for a thief to recover the data.

The paper should explain how BitLocker encryption works and investigate, what are its vulnerabilities, and what other similar technologies are available.

7. Setting up wireless connections Wired network devices could be connected to each other relatively securely with a cable. Connecting wireless devices to each other involves not only instructing the correct devices to form a connection to each other but also the distribution of cryptographic keys for security. WiFi Protected Setup, Bluetooth Simple Pairing and Wireless USB all attempt to provide user-friendly mechanisms for pairing wireless devices securely.

The paper should compare the above pairing mechanisms and their security properties and assumptions.

8. Firewall policy for a small business Firewalls protect company networks against attacks from the Internet. They do this mainly by filtering inbound or outbound IP packets and connections at the periphery of the company network. In some cases, firewall can monitor the data content more closely, for example, by looking at the URLs requested from web servers. The goal of this project is to learn about common guidelines for configuring a firewall and give some examples of reasonable firewall configurations for a small business.