Very good proposals, we were looking for a clear outline of goals and objectives, as well as timeline to when you be completed with different aspects of your project.

Comments for all groups

1. All reports will be expected to have a good list of related references to show that the project team has studied well the problems and existing solutions to those problems. Most references should be to real published sources which can be found in a library. The number of references is not defines and it's your responsibility to make sure that your includes all major relevant references. Your list of references should contain no more that 20% of references to online-only sources excluding references to systems, products, or solutions for which there are no non-online sources. Those reports which have more than 20% of references to online-only sources will get reduced marks.

Here are examples:

A. A report contains 20 references, of which 3 are to systems for which only online publications exist, and 4 other references to online-only sources. Such a report will get full mark subject to its quality and other merits.
B. Same report as in example A except it has 5 references to online-only sources (excluding references to systems for which only online publications exist). Such a report will get lower mark than the report in example A even if it is equal to the example A report in quality and all other merits.

The purpose of this rule is to motivate you to use information sources of higher integrity, which is warranted by reviewing process practiced by most magazines, journals, conferences, and workshops. Not all published sources have same high integrity but we are not going to take this fact into account for this project. Please see the resources page for the links to the various digital libraries and databases available to all UBC students and faculty for free. These are good places to start, if you have not done so, looking for publications relevant to the subject of your project.

2. Make sure the spelling and grammar is correct in the project report as such errors will result in a lower mark.

Specific comments for each group

Topic: WEP
Group: Michael Kwan, Andrew Ong, Derrick Yeung
Comments:

1. Your proposal sounds good, I would like to see you come up with your own methods for key exchange. You should also investigate the reasons such a short key was chosen for use.
2. Since you are addressing the problem of key exchange for WPA, you don't have to elaborate on the weaknesses and deficiencies of WEP. Avoiding discussion of little relevance to your problems will increase the clarity of the report.
3. Try to get right to the point of stating the problem your project is addressing. State the problem first in a form of 1-2 sentences, and then provide an expanded problem statement. Also, remember to explain why solving the stated problem is important.
4. Make sure that you can convenience the report readers and the mini-conference audience in the feasibility of your proposed solution and its advantages over existing ones.
5. There has been many publications in magazines, journals, and conferences on wireless security, including key exchange. Make sure that you show your knowledge of the related work. Specifically, both IEEE Security & Privacy magazine and Communications of the ACM had special issues on wireless security.

Topic: Audio Voice Authentication
Group: Jacqueline Chow, Janet Tse, Jeffrey Tung
Comments:

1. Well defined problem.
2. Decide early what type of hardware you will be using for your system, and what type of measurements you will be using on the audio. You should also focus on the features such a system would need, how will you add and remove users?
3. Make sure you can demonstrate the feasibility of your design at least on a standard PC.

Topic: UBC Wireless Security
Group: Li-Heng Lin, Jeanette Tsang, Gordon Wong

Comments:

1. There have been analysis of UBC wireless networks before, but another one is always useful. I believe there may be other layers of security at UBC that you did not list, be sure you know for sure before you begin researching your attack methods.
2. Your proposal looks well thought out.

Topic: Security for 2 Way Messaging
Group: Kevin Lai, John Li, Handika Handoko, Tuan Vo
Comments:

1. Your project seems like a good extension of the existing application, be sure you can demonstrate how the existing application communicates, break down the packet structure, etc.
2. You also should try hard to impliment your solution, at the very least you need to provide a detailed outline for implimentation using pseudo code.
3. Good problem definition.
4. Remember to explain in the project report why solving the state problem is important.
5. Make sure that there will be some original work done as part of your project.

Topic: Small Business Wireless Security
Group: Jason Kan, Johnson Lee, Larix Lee, Michael Leung
Comments:

1. This sounds like a very good project. I assume you will be implimenting your solution, so be sure to take note of all the details of imlimentation, such as cost and unexpected problems. You may also want to take digital photos for use when you present, so you can show the installation, and how everything has been deployed.
2. The proposal lacks evidence that your group has good chances to succeed with a solution. So, make sure that you mitigate the risk early in the project.
3. Refer to your work as "project" or "report" depending on the context, and not as "paper".

Topic: Security of Public Wireless Access Points
Group: Steven Chang, Ben Huang, Victor Lam, Horng Yen
Comments:

1. You should try to outline specific goals for your project.
2. Will you be able to perform any tests of locations that provide the services you plan to analyze?
3. Will only attempt to analyze the service provider, or will you examine weaknesses in the patrons who use the service?
4. Make sure your got the acronyms right (e.g., WEP)
5. Your projects seems to fall in the group of analysis projects. If so, state it clear from the beginning and clarify the criteria you use for your analysis.

Topic: Electronic Voting
Group: Aleksandar Milojkovic, Jeffrey Kler, Ivan Lau, Samson Zhao
Comments:

1. This seems like a good project, but you will need to do a lot of research, since this is a very popular topic in the media. There will be a lot of useless information to get through. We discussed this problem with some students early in the year, you might want to include some of the following in your project. Here is a set of requirements that traditional voting does not have, but would be quite nice if implemented in a new electronic system. - Ability to verify your vote via the Internet, from a publicly viewable list. - Inability to prove, or reliably convince another person of how you voted. - Ability to tally the vote count via the Internet. - Able to verify all votes are real. Some data could be hidden from the public, but the main objective is the ability to verify your vote, and preserve the integrity of data... the tally system can remain private, it could of course be corrupted, but as long as the data remains uncorrupted, the tally system could be challenged. If you don't think this fits into what you plan to do, don't feel obligated to use it.
2. Good easy to follow structure of the proposal.
3. Keep it clear if your solution is for electronic voting or computerized voting.
   

Topic: Biometrics, Facial Recognition
Group: Ryan Chan, Jason Cheung, Amy Ha
Comments:

1. This seems like an interesting topic. Vancouver International Airport will be implementing a new iris scanning system next month, perhaps you can include some information on how this system will work. The program is called Nexus Air.
2. Whenever you make some claims or statements (e.g., "New legislation in the United States (U.S.) states that ..."), provide a reference to the source of the information used.
3. Identify and state clearly which questions your project will be addressing AND its planned contributions.
4. Instead of considering the issue of facial recognition in travel documents broadly, try to concentrate on just one important question and address it sorely.
5. Make sure that most of the references you will use in the final report are not just online ones but have been published on paper, i.e., one can use your references to find the corresponding sources in a library.

Topic: Secure MSN Plugin
Group: Wesam Darwish, Wing Leung, Megan Tiedje
Comments:

1. Your project is quite ambitious. Be sure you do a complete survey to determine there are no such plugins for Trillian when using MSN, if you do find some, be sure to analyze them, and include that in your report.
2. You may be unable to complete all of your goals, so be sure that you can get your plugin working to some degree, if possible.
3. Very well defined proposal
4. You will be expected to demonstrate your secure implementation of IM
5. Make sure that you explain very clearly why what's already exists among secure IM is not good enough therefore justifying your project.
6. You will need to convince the audience at the mini-conference and the report readers that your design and implementation are secure according to your threat model. Therefore, you will need to explain against which particular threats you are protecting IM communications and give some reasoning about the validity of your threat model.
   

Topic: Spyware
Group: Kartik Markandan, Wallace Hung, Claudia Fong
Comments:

1. You may want to look into whether or not there are any technical solutions specifically outlined in the law, and especially look at how the law will be applied in a technical sense.
2. You should also attempt to come up with an idea of how you would write a law, if you had the chance.
3. Problem definition needs to be more concrete.
4. Make sure you define explicitly if your project is a design or analysis one.
5. Try to focus on fewer questions but get deeper understanding of them instead of spreading too thin.

Topic: UBC Wireless Security Policy
Group: Wing Woo, Qiang Wei, Johnson Tsai, Joyce Chiang
Comments:

1. Be sure to give details and examples of the different ways each security measure may be compromised.
2. You should also point out any weaknesses in your proposed solutions.
3. Several groups are doing their reports on WEP, so try to focus more on other points in your project.
4. You may want to speak with the ubc network security team to gain more information.
5. Well written proposal, good definition of the problem, good list of references, and plan of action.
6. Make sure you look at the special issue of IEEE Security and Privacy Magazine and Communications of ACM on wireless security.