Here’s some of the work we’ve done:

10/07/2013 – Final project proposal has been proposed and been posted on blogs

10/14/2013 – Get the feedback of final project proposal

10/21/2013 – According to the feedback, we have deeper discussion on final project.
1. Download the source code for CMAccount, and learn about each module of the system
2. Build diagrams to have more clear relationship between each crypto classes
3. Do analysis on the exact crypto and protocols used in CMAccount
4. Come up with MITM and other attacks (thread model), and analyze the whether the security properties in CMAccount can prevent those attacks
5. If time permitted, do more analysis on the correctness of CMAccount

11/02/2013
We have successfully identified the core crypto modules in CMAccount source code. More information can be found on the post: http://cmaccount.blogs.rice.edu/2013/11/03/status-update-11032013/

Future milestones:

11/11/2013
Analyze the specific crypto code, and learn more about ECDH algorithms and algorithms on the digital signatures to sign the public keys before exchanging them (Use a secure medium, such as voice communication or trusted courier, to transmit a digital signature key between the two parties; use a public certification authority (CA) to provide a trusted digital signature key to both parties.).

11/22/2013
Build one or more reasonable threat model, and then analyze the behavior CMAccount will do to deal with them. Then see whether CMAccount is really effective in preventing those sorts of attackers.

11/27/2013
Look over the code again, but this time try to find out whether there’re some potential bugs or mistakes in code.

12/2/2013
Final presentation for projects