4th Year Module Round Up

Icons of a group of people, a padlock, a CCTV camera, and a calendar, with the CCTV camera being a part of the background photo on a brutalist building. — Developing skills in teamwork, security, and project management. (image by author, background photo by Reuben Hustler)

This was the last year of my degree at the University of Southampton. I wish I'd had this blog active from the start of my studies, so that I could both publish my notes freely, and comment on my thoughts on modules for many future cohorts.

It's a shame that it's taken me this long to figure out that these sorts of things might be handy and provide some good content for the blog for those that want to know about what I've been studying without necessarily looking at my notes for each of the modules, but here we are.

During the year, I took the following modules:

ELEC6200: Group Design Project (Semester 1, worth 3 modules)
COMP6204: Software Project Management and Secure Development (Semester 1)
COMP6211: Biometrics (Semester 2)
COMP6216: Simulations Modelling for Computer Science (Semester 2)
COMP6236: Software Security (Semester 2)
ELEC6242: Cryptography (Semester 2)

Overall Workload

Semester 1

This was a fairly relaxed semester, as I only had the group design project and my software project management modules to take. The group design project was very much a group effort, and as a group of four well-engaged students, I think we had a fairly balanced workload throughout the semester, keeping up to date with our weekly team meetings, and supervisor meetings with Dr. Denis Nicole.

The other module, the software project management module, was also quite relaxed, with most of the content suitable for rote learning, and a relaxed group coursework, provided that all members did their bit.

Semester 2

Compared to the first semester this year, which I'd argue was the most relaxed of the whole degree, this was back to almost business as usual. When the options system opened around this time last year, I decided that it would be in my best interests to pick as many challenging modules as possible, going for those which I thought would be the most intellectually stimulating and hard to learn from a textbook myself. I therefore chose the simulations modelling module as one of the most important to take, alongside cryptography and biometrics as my optional choices.

The digital forensics and computational finance modules also both seemed interesting, although I have no particular aspirations to work in finance, and I wanted a more general skill set than simply cyber-related modules.

Modules

ELEC6200: Group Design Project

The module started with a couple of weeks research, looking through the previous year's paper on the same project, which in my case was drone communications and jamming. This literature review mainly comprised looking through e.g., the LTE specifications and how that worked at a high level, any unfamiliar radio terms, and the current state of reverse engineering of DJI-related drones.

During this time, we also began to propose ideas on what aspects we'd like to improve compared to the last cohort tackling this project, and decided to utilise a two-pronged approach to our efforts. As the team comprised two computer scientists and two electrical engineers, we split into a firmware reverse engineering and supply chain attack team, and a jamming team.

Being a computer scientist, my efforts were focused on decryption of the firmware on-device, and a review of all technologies and chips to be found on the mainboards of the drone. We also identified a limitation of the previous year's project in that their efforts did not jam the drone at all. We disassembled both the controller and the drone to allow access to the antenna connectors to allow us to generate and trace signals through coaxial cables, instead of over the air.

Internals of DJI drone remote controller, with SMA tails for antennae on board (image reproduced from our report)

DJI's supply chain security seems to be reasonably decent, and their buses for routing from EEPROM to on-chip and RAM cannot easily be seen from the PCB, so our project ended up barrage jamming the entire 2.4GHz band the drone had FCC approval to operate on, causing the drone to lose contact and initiate its return to home procedures.

I think the enjoyment of this module largely depended on the project you were allocated, the team, and the supervisor for the project. I think it's worth spending a while figuring out which projects and supervisors look most appealing to you, and taking charge where possible to steer the project in your preferred direction.

COMP6204: Software Project Management and Secure Development

I found this module was very boring, with slides and lecturing not stimulating at all. The coursework was planning out a project and going through the envisioning process, as part of an Agile project, without an enjoyable brief. If possible, I'd advise against taking this module, unless you're desperate to become a project manager and haven't been exposed to Agile before.

I think the issue this module suffered from is that it was taught to both 4th year undergraduates and an MSc cohort at the same time, so whilst it was a good introduction to software development processes, it was of little meaningful use to those that have already done Agile et. al to death in previous years.

COMP6211: Biometrics

I was really glad to have chosen this module as I feel that a lot of the techniques taught wouldn't be that easy to grasp from a textbook. The module was really good provided that you went to all lectures and kept comprehensive notes, as I think it suffers from the issues of being a more traditional lecture, with the slides as an aid to the lecturer and not the definitive source of truth.

Thanks to the University's use of very poor PTZ cameras as lecture recording devices, any notes on the whiteboards (there were a lot) were simply unintelligible. The reading list for the module was decent, however, and once you'd deduced the was that the module was taught non-linearly, it was easy enough to keep up to date with.

I think the module suffered being quite outdated a fair bit, with many of the techniques covered recently having been replaced with machine learning models and feature extraction. The concepts covered were very mathematical in nature, but in some instances about 20 years out of date.

I can see the module still being useful to those that need to integrate biometrics functionalities on small micro controllers with very constrained limits, but with the advent of very low cost SoCs, and ASICs for things such as fingerprint recognition, there are less and less of these use cases around.

I'd like to see an updated syllabus with the latest technologies that are widely used, possibly some more on the socio-political issues that we can encounter with the pervasive use of this technology, especially by law enforcement, and possibly how we can preserve the privacy of users or minimise the amount of data we collect on them.

I also found the coursework somewhat interesting but annoying, as many of the gait analysis techniques we were taught in the lectures required several frames from each person, whilst we were only given 1-2 training images of each and a tiny sample with which to test and train our models.

COMP6216: Simulations Modelling for Computer Science

This was a fascinating module and has definitely opened my eyes to the world of data science, although I don't think I'm cut out to do this as a job in general. If you enjoy maths, and developing simulations to model the world or something silly of your own choosing, then this module might be for you. I found that it was quite hard to grasp the concepts, but found both the recommended reading and the problem sheets to be really useful in addition to the slides.

The courseworks were brilliant, although I found it quite difficult to get started on the second one. I'd recommend looking through all the papers for the presentation and narrowing down your talk so that you are researching something that you enjoy, as opposed to the first paper you find.

For the second coursework, start early if you can and regularly consult with Dr. Brede to make sure you understand what's going on and if you're on the right track, as the model I developed for my coursework was substantially flawed and could've been fixed with input from him earlier on.

Graph showing probability of an agent's strategy for many different test runs, as part of an agent-based model. — Graph showing the probability of some variable in an agent-based model, with fixed points at 0 and 1.

It was really rewarding to see graphs such as the one above, which demonstrated that the code written supported the theory of a chaotic nature of a system. The coursework took a lot of planning and debugging, so it was amazing when I first saw it generate a graph on its own given the simulation data it collected.

COMP6236: Software Security

This was the only other compulsory module this year, with the former being the group design project. This module built on a lot of theory from previous cyber modules, and introduced reverse engineering as a skill, in addition to revising knowledge on how ELF files are laid out and how low-level CPU access and machine code works.

I found the courseworks to be fascinating and challenging, with a very gamified experience (for the first and second), providing practical, if slightly outdated, experience into actual penetration testing and reverse engineering of applications. If you enjoy things such as Hack the Box, then this module should also be quite fun.

ELEC6242: Cryptography

Finally rounding off the modules for this year was cryptography. Being somewhat interested in how it all works already, I came into the module with a vague understanding of AES, RSA, and how elliptic curves all helped make communications work securely. The module was more of an eye-opener to me and went in for a deep dive on several of these technologies, to the point where we'd be able to reimplement them to an extent on our own, or at least take the key concepts and apply them to our own ciphers.

The module built up to the complicated symmetric and asymmetric ciphers in use, first through historical ideas, how they were broken, and the theory behind the modern suites that makes them quite (theoretically) secure. It is up to date with the current state of the art, both with the current cipher suites and modes being used, in addition to the current state of the candidate algorithms for post-quantum asymmetric security.

The coursework was interesting, and similar to software security, involved a lot of independent problem solving. I found the exam to be difficult, with many concepts that needed to be known in great depth.

Thanks for taking the time to read this, and if you're a current third year student looking at modules for next year, then I hope you've found this to be a useful guide as to what you can expect. Don't forget you can view my notes for this year's content here, and of course if you spot any errors, please ping me an email at charlie@chza.me so I can sort them.