CS 8803 - Cellular and

Mobile Network Security:

Class Projects
Professor Patrick Traynor
8/30/2012
Georgia Tech Information Security Center (GTISC)

Whats the Difference?

What is the difference between an BS, MS and PhD?

How many points do you need to draw a line?

This is a graduate class, so your best effort is not just

required, it is expected.

The work that you do here needs to have the goal of

becoming publishable.

Fine fine... how the heck do you do that??

Georgia Tech Information Security Center (GTISC)

Projects

Lots of questions have been sent to me via email in regards to

the course project.

Please tell me a project that I can do

Its not as easy as that.

This is going to be a hard course

You need to be creative!

Graduate students need to be able to identify and solve problems

Simply building someone elses idea is not going to cut it.

Georgia Tech Information Security Center (GTISC)

What is research?

Which activities are research?

Designing a new protocol?

Building an implementation of a protocol?

Measuring the cost of the protocol?

Formally evaluating the correctness of a protocol?

Developing methods of implementing/evaluating a protocol?

Georgia Tech Information Security Center (GTISC)

What is not research?

Arguing the quality of a protocol?

Arguing the appropriateness of a protocol?
Surveying a field?
Illustrating a limitation of a common practice or
system?

Georgia Tech Information Security Center (GTISC)

A Cynical Definition

That which counts on your vita... is research.

The hardest thing about a PhD is figuring out what

research is...

Georgia Tech Information Security Center (GTISC)

Research vs. Engineering

Novelty...

Engineering is often harder than research

Importance... (sort of)

Discovering a new fact or idea

One must be careful to understand the difference

Georgia Tech Information Security Center (GTISC)

Research vs. Opinion

Arguing a position is not research unless it uncovers

some new thought or methodological device.

Difference is very subtle

Experts will often produce manifesto about an area

E.g., Ten Risks of PKI: What Youre Note Being Told About
Public Key Infrastructure. C. Ellison and B Schneier,
Computer Security Journal, v 16, n 1, 2000, pp 1-7.

The key here is that they are experts and have the bona fides to make such
an argument.

This is not research

Georgia Tech Information Security Center (GTISC)

Why is there so much bad research?

Most papers (90+%) I encounter are bad -- for one or more

of the following reasons. The authors ...

...dont formulate the problem well (or at all).

...dont motivate the problem well (or at all).
...address an unimportant or moot problem.
...are not familiar with the breadth or depth of the area.
...do not discuss important related work.
...do not have a coherent solution or it does not solve the problem.
...do not have a coherent or appropriate methodology.
...do not apply the methodology well.
...do not draw the correct conclusions from the results.
...do not present the work well enough to be understandable.
...do not articulate the impact/take away.

Any paper failing to do any of these things is a failure.

Georgia Tech Information Security Center (GTISC)

Security Research

Can be as diverse as computer science itself

Systems design
Formal analysis
Programming languages
Hardware design
Software engineering
Human Computer Interfaces
Networking...

Some are specific to security

Cryptography
Secure protocol design
Security policy

Georgia Tech Information Security Center (GTISC)

10

Idea Formulation

The essential part of successful research is picking

good problems and solutions.

If it is so easy, just jump in...

Georgia Tech Information Security Center (GTISC)

11

Idea Formulation (cont)

Good approaches to finding ideas:

Read lots of papers in a particular area you think is interesting

Read the newspaper and figure out what problems people have
Read slashdot and learn about new emerging technology.

...but ignore the vast majority of user comments

Then as the following questions (write down answers)

What are the problems that this area asks?

What methodological tools are people using to address
problems in this area?
How do your set of skills apply to these problems?
How is the field evolving?
How are expected changes in the larger computer science
community going to affect the known problems and solutions?

Georgia Tech Information Security Center (GTISC)

12

Hammers

How do you solve problems?

Are you an expert in performance analysis? Formalism? Are

you a policy specialist? Complexity reductions? Simulation
master? Are you a systems builder? Interested in static
analysis?

Understand what techniques are being used in each

area so that:

You can speak the language of that sub-community.

You can understand the shortcomings of their methods and

bring in your own hammers

Georgia Tech Information Security Center (GTISC)

13

Idea Formulation - Jumbles

Do the following exercise:

(5 minutes) Take four pieces of paper out of the bag being

passed around and come up with as many paper titles as you
can.

This is not an outline, there is no ordering.

Use your imagination!
Creativity is the essence of this exercise (dont overthink)
Some of the list will be nonsense - do not filter thoughts!

Example: If I got Web 2.0 and Location, I might come up

with the following (just a start):

Large-scale Localization of Users based on Social Network Group

Behaviors, The Impact of Web 2.0 on Network Stability, The Leakage of
Private Information from Web 2.0 Applications.
Of course, this is general - focus your thoughts specifically on the paper
e.g., better algorithm than the authors -- use graph theory

Georgia Tech Information Security Center (GTISC)

14

Idea Formulation - Articles

Read the following article.

Speed is the key - not deep understanding.
When you finish, write down the words that come into
your mind.

Things you saw in the article

Words or phrases that arose from these words

A Paper Title

This is stream of consciousness - there are no right or

wrong answers, and grammar does not count.

Georgia Tech Information Security Center (GTISC)

15

Notes on Authorship

This is the most dangerous part of publishing. This has led to

very serious rifts in the profession...

Make sure that anyone involved knows the policy (what one needs to
do to be an author) the expectations and the repercussions of not
participating as expected.

Ordering matters in some fields (systems), not in others(math).

Make sure everything is clear to everyone before getting
started.

I know of best friends who no longer speak to each other.

A paper is never worth that kind of heartache, but people will surprise
you.

Do you have a policy and what is it?

Georgia Tech Information Security Center (GTISC)

16

Teams, Ideas, etc

Students must form into groups of 2 with the expectation of

creating a publishable work by the end of the semester.

I expect more from groups than individuals.

Graduate students are all considered to be at the same level PhD.

Undergrads can focus more on an application, but are highly

encouraged to join a team with graduate students.

Having a publication before grad school/the real world is a big plus on your resume.

You must come together as a group and pick a project.

Georgia Tech Information Security Center (GTISC)

17

Idea Assignment: 9/18/12

Everyone has 5 minutes to present idea (3 slides)

Area

Problem

Related Works

Solution

Methodology

Expected Results

Expected Take Away

}
}

Slide 1
Slide 2
Slide 3

Everyone should practice timing and presentation. If

the idea is not appropriate (tough love), or you dont
finish in 5 minutes, you will do it again next class.

Georgia Tech Information Security Center (GTISC)

18