ELTE-OTP KIBERLAB TOPICS 2023/2024 Semester 1

1. Development of a News Analysis System

The main goal of the project is to develop an AI news analysis system that downloads, evaluates, and classifies news relevant from an IT security perspective, and then displays the highly important ones.

Topics within the project open for application:

• News crawler: The student’s task during the semester is to write an automated IT security news and article downloader program/script that can later be used for the system. Solutions already exist for this, but the completion requires creating a well-functioning, independently developed solution.
  Descriptions and technologies related to the task:

  • Web scraping: https://en.wikipedia.org/wiki/Web_scraping
  • News scraping: https://oxylabs.io/blog/news-scraping

• AI API Prompt engineering: During the semester, the student’s task is to find the exact expressions and instructions that, when given to an open AI system, yield an appropriate summary of an IT security article or news item.
  Descriptions and technologies related to the task:

  • Prompt engineering: https://en.wikipedia.org/wiki/Prompt_engineering
  • OpenAI ChatGPT: https://openai.com/chatgpt

2. Cryptography

Every semester in the lab we plan to address topics related to theoretical IT security, primarily in the field of cryptography.

Topic open for application:

• Post-quantum cryptography: The student must collect and classify the available theoretical solutions, and then examine whether there are working, already deployed implementations of these.
  Descriptions and technologies related to the task:
  • Post-quantum cryptography: https://en.wikipedia.org/wiki/Post-quantum_cryptography
  • NIST standardization: https://csrc.nist.gov/projects/post-quantum-cryptography
  • FIDO2 Google implementation: https://thehackernews.com/2023/08/google-introduces-first-quantum.html

3. Open Banking

The goal of the project is to summarize current open banking systems and to prepare for research based on transaction analysis.

Topics within the project open for application:

• Examination of fraud methods: The student’s task is to write comprehensive documentation on the forms of IT security-related banking fraud based on foreign literature, and to research existing prevention systems in practical use.
  Descriptions and technologies related to the task:

  • Phishing: https://en.wikipedia.org/wiki/Phishing
  • QR Phishing: https://www.techtarget.com/searchsecurity/feature/Quishing-on-the-rise-How-to-prevent-QR-code-phishing

• Device fingerprint analysis: There are many methods for collecting data about a device connecting to a system, which can be used to identify whether a previously seen device is attempting to connect or a completely new one. The student’s task is to learn about these methods and to develop an algorithm for identification.
  Descriptions and technologies related to the task:

  • Device fingerprint: https://en.wikipedia.org/wiki/Device_fingerprint
  • Microsoft fingerprinting: https://learn.microsoft.com/en-us/dynamics365/fraud-protection/device-fingerprinting

• Analysis of PSD2 and PSD3: During the semester, the goal is to study the implemented PSD2 and the forthcoming PSD3 technologies from a theoretical perspective, and then to examine in practice exactly how communication takes place and what data is exchanged.
  Descriptions and technologies related to the task:

  • PSD2: https://en.wikipedia.org/wiki/Payment_Services_Directive
  • PSD3 draft: https://ec.europa.eu/commission/presscorner/detail/en/ip_23_3543

4. Digital Rights Management System

The goal of the project is to assist in the development of a usable DRM system.

Topics within the project open for application:

• System testing: The student’s task is to test a DRM solution and document the results against various attacks.
  Descriptions and technologies related to the task:

  • DRM: https://en.wikipedia.org/wiki/Digital_rights_management
  • Desktop sharing: https://en.wikipedia.org/wiki/Desktop_sharing

• Media packaging research: The student identifies the appropriate tool for the task — one capable of encrypting and efficiently packaging media files.
  Descriptions and technologies related to the task:

  • Shaka packager: https://github.com/shaka-project/shaka-packager
  • HLS: https://en.wikipedia.org/wiki/HTTP_Live_Streaming
  • WebM: https://en.wikipedia.org/wiki/WebM

5. Security Analysis of Open-Source Systems

The goal of the project is to examine freely available, widely used offensive tools from a security perspective.

The aim of the research is to learn as much as possible about open-source cybersecurity tools and their code, in order to be able to use them later and to defend against them more effectively.

Topic open for application:

• Comparison of pentest tools: The student’s task is to select several tools with similar purposes, analyze them, and build a database from the results.
  Descriptions and technologies related to the task:
  • OWASP-amass: https://github.com/owasp-amass/amass
  • Nikto: https://github.com/sullo/nikto

6. Security Issues of Artificial Intelligence

An increasing number of systems use artificial intelligence in various fields; the goal of the research is to examine their security.

Topic open for application:

• Security testing of LLM systems: The student’s task is to study the relevant literature and test the vulnerabilities described therein.
  Descriptions and technologies related to the task:
  • LLM: https://en.wikipedia.org/wiki/Large_language_model
  • OWASP LLM TOP10: https://owasp.org/www-project-top-10-for-large-language-model-applications/assets/PDF/OWASP-Top-10-for-LLMs-2023-v1_1.pdf