So I just had this intense almost two-hour conversation with my dissertation supervisor on possible dissertation topics. To give this a bit of background, I am studying for a M.Sc. in Information Security and IT Management. My professional background is in software development and I opted to study Information Security and IT Management over Information Systems or Software Engineering as would normally be expected. The reason for this was plain and simple grandiose thirst for adventure into the unknown… I must admit, it’s been one heck of an adventure!
So I’m close to the end of my course and I’ve had all my course work handed in, placement done and all that’s left is the Almighty Dissertation. Even the name gives me shivers, like saying Mufasa around the hyenas in Lion King – Dissertation, Mufasa eeek. Anyway let’s get back to it!
So my conversation with my supervisor centred on finding a topic for me to work on and what options I really had. Being the kind of tutor that he is, my supervisor consistently shied away from out rightly giving me a list of options for me to choose from and rather wanted to pick at my own mind to see what areas I was interested in. So we talked about security around identity preservation and theft with respect to chip and pin cards. Basically, your ATM credit or debit cards come with a small golden circuit box called the chip which is capable of holding small amounts of data such as your card pin etc. Hackers have learnt to create spoof cards which POS terminals authenticate even with dummy passwords and the like. The idea would be to research the chip and pin technology and architecture, possible security flaws and their exploitations and if possible recommend solutions to these flaws, maybe even develop a prototype implementation who knows!
Next we talked about the somewhat scary area of steganograghy which would probably see me trying to develop or at least research possible alternative ways of hiding steganographic data. Possible applications would include areas like concealing information in corporations like Sony for instance, which last week lost almost 100 million personal records of its gaming customers to hackers. The Sony issue in itself is a whole other story so I’ll leave that here for now.
Finally, also along the lines of identity theft, we discussed cross site authentication using OAuth (open authentication) and the possible security implications when your email is accessible via the same authentication mechanism as your login to a file sharing site which for all intents and purposes could be a malicious front to obtain authentication details from unsuspecting subscribers!
At the end of the day, I pretty much have my task cut out for me and I hope I will sooner than later figure out which of these three very interesting areas I want to take the plunge into over the next few months…either way it’s a plunge into a cold and dark ocean!