Differences between revisions 1 and 13 (spanning 12 versions)
Revision 1 as of 2013-04-16 21:09:51
Size: 2919
Editor: OliverHamm
Revision 13 as of 2013-05-16 14:08:02
Size: 4478
Editor: OliverHamm
Line 2: Line 2:
= Student Application Template = = Application Form =
Line 5: Line 5:
 * '''Contact/Email''': Oliver.C.Hamm@gmail.com
 * '''Background''': I'm a 24 year old, 3rd year student (last year of bachelor's degree here) at Paris-Diderot University in Paris/France. I've studied and coded ( among other languages ) in C, Java, PHP, and I can learn the basics of C++ in no time since ( please don't ban me for this ) it looks like the offspring of Java and C to me, and I can already code in both. As for cryptography I've followed the Coursera courses (https://www.coursera.org/course/crypto) a couple of months ago and read a couple of books on the subject. I intend on working in computer security later on, and this is a good opportunity for me to acquire experience in that domain.
   * '''Contact/Email''': Oliver [DOT] C [DOT] Hamm [AT] gmail.com
 

 * '''Background''': I'm a 24 year old, third year student at Paris-Diderot University in Paris, France. I've studied and coded, among other languages, in C, Java, Ocaml, Python, the whole "internet package" (PHP, HTML, CSS, JavaScript, SQL) and I have just started to learn C++ but I shouldn't have any problems with it since it looks like the offspring of Java and C to me, and I can already code in both. As for cryptography I've followed the Coursera courses ([[https://www.coursera.org/course/crypto|Here]]) a couple of months ago and I have the "Handbook of Applied Cryptography" from Alfred J. Menezes, Paul C. van Oorschot and Scott A. Vanstone on my nightstand so I can read about the magical universe of encryption and decryption every night.
 I have also been a member of [[http://www.hackthissite.org/| Hack This Site]] and [[http://www.enigmagroup.org/ |Enigma Group]] for over a year now, to get to know more about how penetration testing works ( they also have some cryptography exercises ). Why you say? Because I intend on working in computer security later on, and this is a good opportunity for me to acquire experience in that domain.
 
Line 8: Line 12:
 * '''Project details''': Debian now has various packages such as wheezy/oathtool and wheezy/dynalogin-server to support token authentication for various use cases. The basic use cases are UNIX logins (using wheezy/libpam-oath or experimental/libpam-dynalogin and OpenID (web based) login using wheezy/simpleid-store-dynalogin. The student will look at adding more depth in this area, here are some possible examples: developing support for Challenge-Response authentication ( CROTP ) in oath-toolkit developing an asynchronous AMQP-based interface for wheezy/dynalogin-server enhancing wheezy/simpleid to create user profiles on the fly using some combination of these technologies to enable a more secure experience with digital currency transactions (e.g. for Bitcoin)
 * '''Synopsis''': Enhancing/creating some authentication and transactions protocols based on the one-time pass.
 * '''Benefits to Debian''': Simply put: you can have walls as thick and high as you want, but if anyone can have the key to the door, your castle will fall.
 * '''Deliverables''': To be identified in consultation with the mentor(s).
 * '''Project schedule''': Brush up on my cryptography/learn some C++ if required, getting familiar with the different authentication protocols and figure out how they can be added to the already existing ones. Code and test.
 * '''Exams and other commitments''': I do have some exams until the end of May and maybe in June '''if''' I fail the first session of exams.
   * '''Project details''': After checking out Dynalogin to get information about it, and after getting a pointer from a mentor, I noticed that there was absolutely no GUI to it, as in, you have to basically go and change PHP lines of code to set some values. For people used to coding and looking around in files, that shouldn't be a problem, but for "normal" people that is quite a turn off. It's like telling you: See this incredibly complex thing?? it's really powerful, but you have to tweak it a little and if you don't get it right, it won't work... There also is a database transfer program opportunity which I can't pass on. That and making a manual in French/English (I'm fluent in both) that explains a little bit about how Dynalogin works and what you can do with it.
 
 * '''Synopsis''': Enhancing/creating some authentication and transaction protocols based on the one-time pass protocol.
 
 * '''Benefits to Debian''': Simply put: you can have walls as thick and high as you want, but if anyone can get the key that opens the door, your castle will fall. But jokes apart, adding more manpower to a project that allows more secure data transfer is always a good idea and Debian would benefit of it by having an easy access to a fun and useful toy like the Yubikey
 
 * '''Deliverables''': A GUI for Dynalogin with a manual in French/English, A database importer tool to transfer user information from other database into Dynalogin's database.
 
 * '''Project schedule''':
    * Step0:
        (1 week) Looking around for what has already been done or thought of on the different mailing lists.
    * Step1:
        (1-2 weeks) Making sketches of different types of possible GUIs and send them to the mentors to have a feedback and pick one that fits.
    * Step2:
        (3-5 weeks) Coding a GUI making sure it works and does what it's supposed to.
    * Step3:
        (1 week) Making a manual in French and in English.
    * Step4:
        (1 week) Getting close and personal with Dynalogin's database structure and figuring out how to import data from other databases, like, as mentioned by mentors, the Debian or alioth LDAP database and maybe others if I'm quick enough.
    * Step5:
        (4-6 weeks) Coding a database importer (and possibly exporter), testing it and debugging it.
    * Step6:
        (1-2 weeks) Making a manual page and guides for that program.

 * '''Exams and other commitments''': I have exams until the end of May, and possibly in June depending on the circumstances.
 
Line 15: Line 40:
 * '''Why Debian?''': Well, "Kali", which is the codename for a linux distro that is built around computer security testing and is the evolution of the "Backtrack" series, is mostly based on Debian, and since I'll be using it for work soon enough, knowing how it '''''really''''' works could help me.
 * '''Are you applying for other projects in SoC?''': I will apply to a couple of Wireshark and Crypto Stick projects.
   * '''Why Debian?''': "Kali", which is the codename for a Linux distro that evolved from the "Backtrack" series built around computer security testing, is mostly based on Debian, and since I'll be using it for work soon enough I want to know how it '''''really''''' works.
 
 * '''Are you applying for other projects in GSoC?''': I will be applying to a couple of Wireshark and Crypto Stick projects.

Application Form

  • Name: Oliver Hamm.

  • Contact/Email: Oliver [DOT] C [DOT] Hamm [AT] gmail.com

  • Background: I'm a 24-year-old, third-year student at Paris-Diderot University in Paris, France. I've studied and coded, among other languages, in C, Java, OCaml, Python, the whole "internet package" (PHP, HTML, CSS, JavaScript, SQL) and I have just started to learn C++ but I shouldn't have any problems with it since it looks like the offspring of Java and C to me, and I can already code in both. As for cryptography I've followed the Coursera courses (Here) a couple of months ago and I have the "Handbook of Applied Cryptography" from Alfred J. Menezes, Paul C. van Oorschot and Scott A. Vanstone on my nightstand so I can read about the magical universe of encryption and decryption every night. I have also been a member of Hack This Site and Enigma Group for over a year now, to get to know more about how penetration testing works (they also have some cryptography exercises). Why, you say? Because I intend on working in computer security later on, and this is a good opportunity for me to acquire experience in that domain.

  • Project title: One-time-password (token) based authentication and transactions

  • Project details: After checking out Dynalogin to get information about it, and after getting a pointer from a mentor, I noticed that there was absolutely no GUI to it, as in, you have to basically go and change PHP lines of code to set some values. For people used to coding and looking around in files, that shouldn't be a problem, but for "normal" people that is quite a turn-off. It's like telling you: See this incredibly complex thing? It's really powerful, but you have to tweak it a little and if you don't get it right, it won't work... There also is a database transfer program opportunity which I can't pass on. That and making a manual in French/English (I'm fluent in both) that explains a little bit about how Dynalogin works and what you can do with it.

  • Synopsis: Enhancing/creating some authentication and transaction protocols based on the one-time pass protocol.

  • Benefits to Debian: Simply put: you can have walls as thick and high as you want, but if anyone can get the key that opens the door, your castle will fall. But jokes apart, adding more manpower to a project that allows more secure data transfer is always a good idea and Debian would benefit from it by having easy access to a fun and useful toy like the YubiKey.

  • Deliverables: A GUI for Dynalogin with a manual in French/English, and a database importer tool to transfer user information from other databases into Dynalogin's database.

  • Project schedule:

    • Step0:
      • (1 week) Looking around for what has already been done or thought of on the different mailing lists.
    • Step1:
      • (1-2 weeks) Making sketches of different types of possible GUIs and sending them to the mentors to get feedback and pick one that fits.
    • Step2:
      • (3-5 weeks) Coding a GUI making sure it works and does what it's supposed to.
    • Step3:
      • (1 week) Making a manual in French and in English.
    • Step4:
      • (1 week) Getting close and personal with Dynalogin's database structure and figuring out how to import data from other databases, like, as mentioned by mentors, the Debian or alioth LDAP database and maybe others if I'm quick enough.
    • Step5:
      • (4-6 weeks) Coding a database importer (and possibly exporter), testing it and debugging it.
    • Step6:
      • (1-2 weeks) Making a manual page and guides for that program.
  • Exams and other commitments: I have exams until the end of May, and possibly in June depending on the circumstances.

  • Other summer plans: Apart from turning my keyboard into a steaming pile of burnt plastic and my brain to mush? No.

  • Why Debian?: "Kali", which is the codename for a Linux distro that evolved from the "Backtrack" series built around computer security testing, is mostly based on Debian, and since I'll be using it for work soon enough I want to know how it really works.

  • Are you applying for other projects in GSoC?: I will be applying to a couple of Wireshark and Crypto Stick projects.