Summary

CU1: Security of Bluetooth Low Energy

Tutor: Çağatay Ulusoy (Lukoton Oy)

Version 4 of the Bluetooth specifications includes a new short-range wireless communication technology known as Bluetooth Low Energy (BLE) or Bluetooth SMART. The diffusion of BLE has recently been very fast as smartphones (e.g., the iPhone) and smart objects (e.g., sport sensors) have started being equipped with BLE transceivers. The design goals of BLE include low cost and low energy consumption of devices. As a consequence, some security mechanisms of Bluetooth classic were redesigned in to reduce their complexity. The impact of these changes on the security of communications with BLE is still unclear. The student involved in this topic is expected to: learn the essential features of the BLE protocol stack; analyze the security features of the communication between BLE devices; analyze possible security issues in the protocol specification and propose solutions to overcome them.

References:

DY1: IPv6 over networks of resource-constrained nodes

Tutor: Deng Yang

IPv6 over Networks of Resource-constrained Nodes (6lo) is an IPv6-based network that connects constrained nodes with limited power, memory or processing resources. With the next mega-trend of the Internet of Things, 6lo is becoming more and more important as it provides an end-to-end solution and forms a solid base for interoperability. This student involved in this topic is expected to overview the transmission technologies supported by 6lo currently or in the near future. Some examples include ZigBee, Bluetooth Low Energy, Near Field Communication. The student also needs to understand how these technologies integrate into 6lo and then compare them in a comprehensive way to conclude what scenarios they are suitable for.

References:

DV1: A comparative study of energy profiling methods for mobile devices

Tutor: Vu Ba Tien Dung

A complete knowledge on how and where energy is consumed on a mobile device is of great interest not only to end users, but also software and system developers. Examining the energy consumption of a device is referred to as energy profiling and is typically classified as either hardware-based or software-based. Hardware-based techniques utilize hardware instruments to measure the power of the device directly, whereas software-based techniques employ a set of power models in order to estimate the device energy consumption. The work consists in surveying and comparing different energy profilers on mobile devices. First, profilers needs to be classified into categories, and then the advantages and disadvantages of the considered tools should be pointed out. Next, a few popular tools (e.g., Monsoon for hardware-based; PowerTutor and AppScope for software-based) are chosen and their accuracy is evaluated on a set of mobile phone usage scenarios. The final outcome of the work is to characterize in which scenarios and conditions one profiling method can be applied or not.

References:

JD1: Using Internet photos and videos for indoor mapping

Tutor: Jiang Dong

The indoor localization market is rapidly growing. However, up-to-date indoor maps are rarely available. Along with booming popularity of photo sharing services such as Instagram and Flickr, an ever-increasing number of photos and videos are shared and made publicly available on the Internet. This topic tries to explore the possibility of utilizing Internet photos and videos for building 3D models of indoor environment and providing indoor mapping using these models. There are several areas of interest: analyzing of different types of buildings from the perspective of indoor structure; using the APIs provided by different websites to download photos or videos for the selected typical buildings; using Structure-from-Motion techniques to build 3D models of the selected buildings; analyzing the usability of the models from the perspective of indoor mapping.

References:

JD2: Indoor localization using fingerprinting techniques

Tutor: Jiang Dong

While it is easy to utilize GPS to localize the user outdoors, indoor localization is still an open issue. Many indoor localization approaches have been proposed in the literature. This topic focuses on using fingerprinting approaches for indoor localization. Fingerprinting approaches decide locations based on geo-referenced fingerprints that have been collected for example through war-driving. Besides Wi-Fi fingerprints, others such as Bluetooth and the magnetic field have also been used for indoor localization. The student involved in this topic will survey fingerprinting-based indoor localization techniques first, then build a small Wi-Fi or magnetic field fingerprints map of the Aalto CS building. Based on the map, the student can implement their own indoor localization system by choosing state-of-art algorithms or designing their own solution.

References:

JD3: User trajectory recognition in an indoor environment

Tutor: Jiang Dong

Recording walking trajectories of users in an indoor environment is useful for analyzing their behavior. Furthermore, the fingerprints information along the trace can be collected efficiently if the walking trajectory is known. The work to be carried out in this topic explores using the built-in sensors of a smart-device together with map information to determine the walking trace of a user. Given a start position and the direction on the map, sensors including accelerometer and gyroscope can be used for dead reckoning. More information such as indoor maps can be used for calibrating the trace. A student involved in this topic would need to first survey the state-of-art in user trajectory recognition techniques. Based on the survey, a user trajectory recognition system could be implemented on a mobile platform. The work can further design the metrics to evaluate the accuracy of the collected traces.

References:

JL1: Bitcoin and cryptography

Tutor: Jian Liu

Bitcoin a widely adopted online payment system, which uses peer-to-peer technology to operate with no central authority or banks. As a result, users can enjoy many benefits by using Bitcoin, such as no third-party seizure, no (or low) transaction costs and no tracking. However, it has significant limitations regarding privacy. For example, payment transactions are recorded in a public decentralized ledger, which potentially leaks important information. This topic is about using cryptographic technologies to enhance the privacy of Bitcoin. Students who select this topic should survey the technologies that are currently used in Bitcoin, their limitations, and state-of-the-art cryptographic solutions.

References:

JN1: Improving the energy-efficiency of cellular base station

Tutor: Jukka K. Nurminen

In our lab, we have a long history of research on saving energy at the mobile phone. In this seminar, we are shifting our attention to the energy consumption of the base station and looking for ways how energy can be saved at the network endpoint. Some time ago, we had a thesis project that took a high-level look at the energy-efficiency of LTE networks. The main goal of this work is to go into a more technical direction by focusing on aspects that can be achieved with software-based solutions. Furthermore, a number of new options are available such as Cloud-RAN, cooperation of multiple base stations, or adaptation to variable availability of energy.

References:

JN2: Computer science challenges of 3D printing

Tutor: Jukka K. Nurminen

The target of this work is to investigate 3D printing and, in particular, look for the research challenges that it offers for computer science. The topic is rather open and the work can focus on some relevant aspect, such as the protocols for communicating with 3D printers, the role of mobile technology in 3D printing, or software platforms for sharing 3D printer artifacts.

References:

KH1: Cloud datastores

Tutor: Keijo Heljanko

Cloud computing has risen as a new framework for doing highly scalable web based applications. One of the central building blocks are new database technologies developed to implement massively parallel database systems, called cloud datastores aka NoSQL databases. The main goal of this work is to survey this new class of datastores, discuss their design principles, categorize and compare them against each other and against traditional relational database systems.

Reference:

KH2: Big data platforms

Tutor: Keijo Heljanko

Big data is one of the currently highly discussed topics in cloud computing applications. In this topic you get to survey the most widely used big data platforms, such as Apache Hadoop, Apache Spark, and Facebook Presto. In this topic the main aim is to survey this new class of big data platforms, discuss their design principles, categorize and compare them against each other. Some of the issues in selecting the right tools and platforms for the big data application at hand need to be discussed.

References:

KK1: Container cloud computing

Tutor: Kashif Khan

Containers are a new alternative to virtual machines for running tasks on the cloud. The goal of this work is to investigate container technologies and compare them especially from the performance perspective. The work could potentially perform experiments with scientific computing tasks through the physics computing infrastructure at CERN.

References:

MB1: Delay-sensitive cloud computing and edge computing for road-safety systems

Tutor: Mehrdad Bagheri

The goal of this research is to investigate whether the response time of a cloud-computing system over conventional cellular Internet (e.g., LTE) is suitable for delay-sensitive safety applications, specifically, for road-safety systems in which the network nodes are mobile and might not be in small numbers either (e.g., all cars in a city connected). These safety applications require very quick response time (minimum network latency) as well as scalability. Another question is which cloud computing framework or model to use for development of such applications. For instance, the popular Apache Hadoop might not be suitable for delay-sensitive applications, as it was originally designed for large data and batch processing. Finally, if conventional cloud platforms fail to completely satisfy the requirements of these safety applications, does the more recent platform of Mobile Edge Computing (MEC) have the potential to address this requirement? If so, what is the gain in response time (delay) when MEC is used? Focus of this topic is on vehicular safety, however the results can be applied to any delay-sensitive system.

References:

MD1: Multimedia streaming over cognitive radios

Tutor: Mario Di Francesco

Cognitive radio networks (CRNs) are able to sense a wide range of the spectrum and the agility to make use of the available resources dynamically. Accordingly, they can reclaim unused frequencies (i.e., whitespace) for wireless communications while avoiding interferences with between licensed and unlicensed users. One of the most promising applications of CRNs is represented by bandwidth-intensive multimedia services for mobile devices, such as video streaming, that are already facing a shortage of resources in the cellular networks. The student involved in this topic is expected to: learn the basics of CRNs; understand the different regulations in different countries; analyze the impact of the features peculiar to CRNs on streaming multimedia content.

References:

MD2: Bacteria nanonetworks

Tutor: Mario Di Francesco

Molecular communications have been recently proposed for building networks of nano-scale elements. A promising direction consists in exploiting bacteria as mobile carriers of messages that can be encoded as DNA fragments. Such messages can be then exchanged between bacteria when they are in close proximity through the process known as conjugation. Environmental factors such as the concentration of chemicals affect the motion of the bacteria and eventually the chance that a message can be successfully delivered from a source to a destination. The student involved in this topic is expected to: learn the basics of nano-scale bacterial communications; analyze the mobility pattern of bacteria and the conjugation process; develop mechanisms that affect the motion of bacteria so as to increase the chance of successful message delivery.

References:

MM1: Communication protocols and standards for the IoT

Tutor: Manik Madhikermi

The Internet of Things (IoT) calls for easy ways to query and set up information flows between any kinds of products, devices, computers, users and information systems in general. However, sufficiently generic, powerful and standardized application-level interfaces are not currently available for exchanging the kind of information required by the IoT. One recent initiative is the Open Messaging Interface (O-MI) messaging standard by The Open Group. However, many other standardization organizations have also launched initiatives that claim to fulfill similar goals. The work consists in surveying of completed and ongoing "application-level" standardization activities for the IoT in organizations such as W3C, IETF, OASIS, ISO, and so on. The identified standards should be assessed against the requirements for a generic, application-level communication interface as presented in the references below. The assessment should be done also by taking into consideration their applicability to reference applications, as well as to other relevant IoT applications.

References:

MS1: Analysis of techniques and tools for automated mobile app testing

Tutor: Matti Siekkinen

There are many mobile app testing tools and services currently available for app developers. The objective of this work is to analyze the techniques used and features offered by these tools and to perform a comparative analysis highlighting their pros and cons. The outcome should describe the state of the art of automated mobile app testing and point out the limitations and open problems with current tools.

References:

MS2: Scalable vs non-scalable video coding for mobile video in practice

Tutor: Matti Siekkinen

Scalable Video Coding (SVC) is a decade old video coding solution for flexible quality selection over bandwidth varying communication paths. The basic idea is that SVC produces a layered video that allows choosing the video stream playback quality by downloading a specific number of layers: base layer provides lowest quality and downloading additional layers improves the video quality proportionally. Although SVC has been around for a long time, it appears to be less used than non-scalable coding in which a single video is transcoded into multiple versions (beforehand or in real time). However, there is now a renewed interest for SVC as quality adaptive streaming (DASH) is taking over mobile video streaming. The objective of this work is to study the pros and cons of the two approaches (e.g. computational complexity, coding and storage and bandwidth overheads) with a special focus on mobile video streaming. Also exploration of the usage of the two approaches in real mobile video services is part of the work.

References:

NH1: Virtual machine consolidation with multi-resource usage prediction

Tutor: Nguyen Trung Hieu

Consolidation of virtual machines (VM) on the minimum number of physical servers is an efficient solution to reduce the power consumption. However, most of the existing solution rely on eager migration of VMs, thus resulting in unnecessarily migrations. These solutions increases the energy that includes the VM migration cost on the source and destination hosts and extra traffic volume that generated from VM migration. The focus of this topic is predicting short-time future utilization including multiple types of resources based on the past history of resource usage in each host. The current and predicted utilization metrics are then used as the main criterion to: decide when a physical server is considered to be overloaded, so that some already placed VMs should be migrated to improve the quality of provided services; decide when a physical server is considered to be underloaded, so that all the already placed VMs should be migrated for energy efficiency. The student involved in this topic is expected to: learn the basics of VM consolidation; survey the forecasting paradigms to predict the short-time future utilization; review the relevant metrics proposed in the literature to determine overload and underload of physical resources; eventually, characterize the performance of proposed solution in term of energy consumption and number of VM migrations by simulation using CloudSim toolkit.

References:

OH1: User authentication or identification through heartbeat sensing

Tutor: Otto Huhta

Despite years of research into various alternative authentication methods, passwords still remain the most common method when authenticating ourselves to devices and services. However, as wearable devices become cheaper and more interconnected, efforts are being made to leverage their capabilities for seamless authentication. Various wearable heart rate monitors have been available for a long time, but with more sophisticated models, interest for using one's heartbeat for authentication has been renewed for both industry and academia (e.g., Bionym Nymi, Apple, Intel). The student involved in this seminar topic is supposed to look at the security and usability aspects of using heartbeat information for user authentication or identification. More specifically, the goal of the work is to look into how such information can be effectively used to identify an individual, how reliable heartbeat monitoring is as an authentication method, and what are the potential vulnerabilities.

References:

RB1: Proximity services using device-to-device communication

Tutor: Ravishankar Borgaonkar

As LTE Advanced is evolving, it is opening new frontiers for Device-to-Device (D2D) communication and proximity services (Prose). LTE D2D allows devices to communicate and provide services within a proximity radius of 500 m, unlike in existing Bluetooth, NFC, and WiFi technologies. Qualcomm has recently introduced LTE Direct to enable mobile subscribers to employ proximity services using D2D communication. The new features of this technologies are privacy sensitive and allow battery-efficient discovery of thousands of devices and services. The platform also enables new services for mobile network operators such as national security and public safely. The student involved in this topic is expected to: provide a detailed overview of proximity services using D2D communication; compare them with existing D2D communication technologies from the privacy perspective; analyze potential privacy issues from the point of view of the end users.

References:

SL1: Software market of network functions virtualization

Tutor: Sakari Luukkainen

Cloud computing has become an important architecture in today's ICT sector. The telecommunications industry considers introducing the cloud approach to mobile networks, because the usage of dedicated network hardware is a significant cost source. In that approach, the network functions would be implemented in software and provided on top of cheap computing and networking hardware. The introduction of open cloud technologies to the mobile networks would enable a new market for virtualized network functions solutions. The goal of this study is to analyze business models of future software companies in this emerging market.

References:

SS1: MOOCs and authentication

Tutor: Sanna Suoranta

Many top level universities are offering Massive Open Online courses (MOOCs). For example, MIT (Massachusetts Institute of Technology) and University of Harvard offer their courses using EdX and University of Stanford and École Polytechnique Fédérale de Lausanne offer their courses in Coursera. Also Aalto University offers MOOC courses. These courses pave the way to learn about university-level courses even for people that are not enrolled in the related programs. There are two types of courses: courses with a timetable given by a teacher and courses that can be taken any time. Participation often requires that students complete some assignments that are usually automatically graded in a learning environment. After the successful participation in a course, students may get a certificate. But who was the student? This is an essential issue if the student can get a right to complete a degree based on previous studies in an open university, as it is possible in some Finnish universities. Thus, the identity of the student must be verified from a trustworthy source. Maybe also during the course assignments the student should be authenticated. What kind of authentication systems do the currently used MOOCs have? What needs to be done next?

References:

SS2: Biometric authentication

Tutor: Sanna Suoranta

Biometric authentication is considered by many as the definitive solution for authentication, since it saves users from the password fatigue. For instance, fingerprints and eyes' retina are considered to be unique enough to be used for authentication purposes. To this end, fingerprints are scanned at the border control in several countries, including the USA. Biometric information for identification, such as a picture of the face and fingerprints, are added to the smart card embedded in passports. In recent years, several manufacturers (including IBM, Motorola and Apple) have added fingerprint readers to laptop computers and mobile phones. However, there are severe problems with biometric authentication: fingerprints cannot be changed but they are left on all surfaces and objects touched. Crackers have claimed that they can easily break the biometric authentication of mobile phones. What does the research community think about biometric authentication today?

References:

SS3: Password management

Tutor: Sanna Suoranta

According to Florêncio, every days users log in to eight services that use password as authentication method. Such services require unique and long passwords which are difficult to remember. Web browsers offer to remember the passwords on behalf of the user. There are also password management applications available both on mobile devices and computer environments, both commercial and open-source. However, many security expert avoid using such services and prefer coding their own solution. In this work, the student should survey password managers and evaluate their security.

References:

SS4: ICT as enabler for energy behavioral change

Tutor: Sanja Šćepanović

Recent research and practical efforts have increased on how ICT tools can best influence behavioral change when it comes to energy spending habits. The focus of such research has so far been mostly on improving energy efficiency (and conservation) by influencing individuals or communities. More limited are research efforts on changing the consumption patterns (time of use of energy), which becomes one of the most important challenges in new smart energy systems due to the introduction of more renewable sources. Besides solutions involving both software and hardware, in particular in the context of Internet of Things and Smart Home communication trends, studies involving user feedback are less frequent, while very important. Gamification is expected to be important as well in this context. Furthermore, some business solutions are already in place, such as Opower, and are capable of delivering promising results in practice. The student is expected to prepare a well structured review of the current research and industry solutions. The work prepared for this seminar topic is relevant as part of EU Civis project.

References:

SS5: Security and privacy in smart energy communities

Tutor: Sanja Šćepanović

The energy system is expectedly approaching the largest transformation since its beginning. The EU commission aims to achieve 80% smart grid coverage by 2020, and many countries are rolling out smart meters implementation at a large scale (in Finland currently close to 100% of the households are supplied with smart meters). The data from smart meters and smart sensors are intended for use in decisions in automation system in the context of Smart Homes.

While building and implementing such solutions, it is vital to consider privacy and security concerns. The questions range from the data security (that can impact individual user privacy and energy distribution), to intelligent operations in the grid (that can directly or indirectly harm the users or cause inconvenience). Finally, malicious users taking part in the smart grid ICT solutions and pretending to be cooperative may cause most unconventional and perhaps unpredictable types of issues.

In this seminar paper, the student is expected to prepare a comparative study of current research and practical studies on security and privacy in the context of smart grid ICT solutions with particular focus on the hackers pretending to be a part of the energy community. A question to address is to which extent reputation-type of trust that functions well in other domains (such as expertise, e.g. Stack Overflow or marketplaces services, e.g. eBay) shows to be resilient to such malicious users in the energy system context. The work prepared for this seminar topic is relevant as part of EU Civis project.

References:

ST1: Secure Instant messaging

Tutor: Sandeep Tamrakar

Instant messaging (IM) is the most widely used communication over the Internet generally used for sending short messages. Popular IMs communicates over TLS to protect against eavesdropping yet the TLS does not guarantee against eavesdropping at the server end. There are number of IM services that provides end-to-end secure messaging such as TextSecure. Similarly BitTorrent recently released decentralized private chat application known as Bleep. Off-the-record messaging protocol developed by Goldberg et. al. [1] describe secure messaging protocol with deniability, which ensures the authenticity of the message during communication yet it allows anyone to forge messages after the conversation that look like they were real communication between the participants.

The goal of this work is to look at different secure IM services and protocols, and make a survey based on the security features that these IM offers.

References:

TN1: Survey of security-enhanced linux policy analysis techniques

Tutor: Thomas Nyman

Security Enhanced Linux (SELinux) is an implementation of Mandatory Access Control (MAC) for Linux. SELinux allows system administrators to define policies for how processes and users are allowed to access system resources, such as files, devices and Inter Process Communication (IPC) primitives. The centralized SELinux policy is more amenable to analysis compared to highly distributed policies, such as traditional Unix file system permissions. However, the increased expressibility and large size of SELinux policies make such analysis often a daunting task. Widely used tools for SELinux policy analysis include the open source SETools suite developed by Tresys technologies. The topic has also received some attention in the academic community, and several more sophisticated analysis techniques have been proposed. The goal of this seminar topic is a survey of different approaches to SELinux policy analysis. Ambitious students should aim to identify potential gaps in the current state of the art and open research problems in the area. Prior skills required: Basic knowledge of the SELinux policy language is highly recommended.

References:

ZO1: How dense are cell towers? An experimental study of cell tower deployment

Tutor: Zhonghong Ou

More and more cell towers are deployed to provide better throughput and quality for mobile users. It is interesting to analyze how dense cell towers are deployed, how big coverage a single tower can provide, and whether different mobile phones will connect to different cell towers from the same location. In this task, the student is required to conduct experiments on different locations of the large-Helsinki area (including city center, and other suburban areas). The signal collecting software is available, but may need to be revised slightly; the student is mostly expected to collect the data and analyze them to get different kinds of statistics.

References: not available.

ZO2: Simulation tools for wireless sensor network

Tutor: Zhonghong Ou

Nowadays Wireless Sensor Networks (WSNs) play a pivotal role in the Internet of Things. However, building a WSN testbed is often costly, and running real experiments is always time-consuming. Therefore, simulation tools are very important for WSN development. With its help, protocols, algorithms, or even new applications can be validated or evaluated in a large scale, which is more economic and efficient than running them in a testbed. Several simulation tools are currently available for WSNs. The task of the student is to choose one of them as an example to make a deeper understanding of what are its internal mechanisms and how it works in practice. As part of the task, the student is also expected to run some experiments and investigate the resource utilization, including CPU and memory, simulation time, or any other indicators for performance evaluation purposes.

References: