Calls: Send in your ideas. Deadline October 1st, 2023.

Measurement

Measurement, monitoring, analysis and abuse handling

This page contains a concise overview of projects funded by NLnet foundation that belong to Measurement (see the thematic index). There is more information available on each of the projects listed on this page - all you need to do is click on the title or the link at the bottom of the section on each project to read more. If a description on this page is a bit technical and terse, don't despair — the dedicated page will have a more user-friendly description that should be intelligible for 'normal' people as well. If you cannot find a specific project you are looking for, please check the alphabetic index or just search for it (or search for a specific keyword).

Supersizing the Gun — Chipwhisperer open hardware for side channel analysis

ChipWhisperer is an open hardware and software toolchain that has been a mainstay of hardware security research. ChipWhisperer is used in academic curricula and in industrial R&D implementation security research labs for high speed side-channel power analysis and glitching attacks. The objective of this project is to explore design changes to the current ChipWhisperer hardware, so as to allow capturing of longer power analysis traces and to cater to higher clock speeds than currently supported. Here, the intent is to make it easier to perform side-channel-related analysis of public-key algorithms, without the need to artificially break down the algorithms into multiple components due to platform constraints. This allows for more realistic and practically relevant attacks. This project additionally entails the development of fine-grained post-processing tools, which would make further analysis of captured traces of public-key algorithms easier.

Ultimately, the goal is to work towards candidate post-quantum algorithms, which are known to be more resource-hungry. The project funded by NGI Zero would specifically target design changes to considerably increase the sampling rate (towards 200-250 MS/s) and to provide for a streaming mode (initially envisioned to be roughly 15-30 MS/s). It includes both a new hardware design and a significant update to the current open-source software of the ChipWhisperer platform, as well as demonstration of how to successfully use this with practically relevant ECC public-key algorithms.

>> Read more about Supersizing the Gun

Tracking the Trackers — Automated scanning for spyware in mobile applications

F-Droid is a free software, community app store that has been working since 2010 to make all forms of tracking and advertising visible to users. It is the trusted name for privacy in Android, and app developers who sell based on privacy make the extra effort to get their apps included in the F-Droid.org collection. These include Nextcloud, Tor Browser, TAZ.de, and Tutanota. Auditing apps for tracking is labor intensive and error prone, yet ever more in demand. Our tools already aide F-Droid contributors in this process. This project creates new tools using machine learning to drastically speed up this process by augmenting the human review process. Since the prime motivation of the F-Droid community is ethical software distribution, algorithms will never replace humans in making ethical decisions. We will also explore using machine learning to detect tracking in a more generic way, without requiring manually compiled lists of key information. The resulting tools will be generally available for any use case needing to reliably detect trackers in Android apps. This builds upon our collaboration with Exodus Privacy and LibScout.

>> Read more about Tracking the Trackers

GoatCounter — Privacy-friendly web analytics for small websites

GoatCounter aims to provide meaningful privacy-friendly analytics for businesspurposes, while still staying usable for non-technical users to use onpersonal websites. The choices that currently exist are between hosted online services that have serious privacy issues, running your own complex software, or extremely simplistic "vanity statistics". GoatCounter attempts to strike a good balance between various interests. Major features include an easy to run self-hosted option, an intuitive user interface that is also accessible to website maintainers with accessibility needs, and meaningful statistics that go beyond "vanity stats" but still respect user privacy.

>> Read more about GoatCounter

Lightmeter — Email server configuration lifecycle management

Lightmeter will make it easy to run email servers large and small by visualising, monitoring, and notifying users of problems and opportunities for improved performance and security. People will regain control of sensitive communications either directly by running their own mailservers, or indirectly via the increased diversity and trustworthiness of mail hosting services.

>> Read more about Lightmeter

MPTCP — MultiPath TCP

How do you find the best way to communicate with a computer on the other side of the internet? And why bet everything on a single connection? Multipath TCP (MPTCP) extends the most widely used transport protocol on the internet (TCP) so that it can discover and use several physical paths (e.g., Wifi, cellular, between multihomed servers) in parallel. This allows to speed up transfers, smoothly transition from wifi to cellular when leaving one's house or potentially prevent traffic spying.

While the protocol is proven to work well in certain conditions (the fastest TCP connection ever was using MPTCP), it is configuration-sensitive and can degrade badly under adverse conditions (for instance in heterogeneous networks with small buffers). The aim of this project is to provide the tool to help analyze the performance of a multipath protocol as well as the software to (auto)configure the system depending on the application objective and network conditions.

>> Read more about MPTCP

MobileAtlas — A distributed open hardware test infrastructure to analyse mobile networks

MobileAtlas is an international measurement platform for cellular networks that takes roaming measurements to the next level. Although mobile cellular networks have become a major Internet access technology, mobile data traffic is surging, and data roaming has become widely used, well-established measurement platforms (e.g., RIPE Atlas) are not well-suited for measurements in the mobile network ecosystem. This includes measurements of metered connections and consideration of roaming status and zero-rating offers.

MobileAtlas implements a promising approach by geographically decoupling SIM card and modem, which boosts the scalability and flexibility of the measurement platform. It offers versatile capabilities and a controlled environment that makes a good foundation for qualitative measurements. We want to establish the framework with at least twenty open hardware probes, and create a platform for shared usage among scientists and Internet activists.

>> Read more about MobileAtlas

NoScript Contextual Policies & LAN protection — Application Boundaries Enforcer (ABE) for new generation of browsers

NoScript is a FOSS browser extension for Firefox, Chromium and its derivatives. It can be used on desktop and mobile browsers, and enhances security by providing control over JavaScript and other active content. It is the first and still most effective XSS filter. NoScript is an integral part of the Tor Browser, as the back-end of its "Security Level" settings.

ABE-Quantum is the next generation of the Application Boundary Enforcer (ABE), a NoScript module that provided protection against several cross-site and cross-network attacks. When Mozilla abandoned the legacy Firefox add-ons platform in 2017, ABE did not survive the painful transition to the new cross-browser (but backward incompatible) WebExtensions API. The ABE-Quantum project aims to bring the main ABE features to WebExtension-capable browsers, and specifically: 1) contextual content blocking policies depending both on the origin and the destination of the request, e.g. "Block facebook.net scripts everywhere unless the parent site is facebook.com"; 2) protecting LAN endpoints (i.e. routers or other internal applications) against browser-based attacks from the WAN using the web layer to work-around traditional firewalls. These features will be integrated in NoScript's user interface - rather than leveraging a firewall-inspired policy definition language like in the original ABE - in order to provide a simpler, more accessible and more intuitive user experience.

>> Read more about NoScript Contextual Policies & LAN protection

OnBaSca — Tor Bandwidth Scanner

The Tor network is comprised of thousands of volunteer-run relays around the world, and millions of people rely on it for privacy and freedom online everyday. To monitor the Tor network's performance, detect attacks on it, and better distribute load across the network, we employ what we call Tor bandwidth scanners. The bandwidth scanners are run by the directory authorities, which are special relays that maintains a list of currently-running relays. This project will make a number of improvements to the new bandwidth scanner call sbws, to make it easier for directory authorities to deploy it, for relay operators to better diagnose issues and for end users to benefit from increased quality of experience.

>> Read more about OnBaSca

Statime PTP Master — Statime - Zero-allocation cross-platform Precision Time Protocol

High-precision clock synchronization is becoming increasingly important in application areas such as high precision localization, finance, broadcasting, security protocols, smart grids, and cellular base station transmissions. The Precision Time Protocol (PTP) is widely used for these critical applications and it is therefore important for it to be as secure and reliable as possible.

We have previously developed the first iteration of Statime, an implementation of a PTP slave in the Rust programming language. The outcome of that project is a secure-by-design implementation, leveraging the Rust borrow checker to guarantee memory-safety. With this project, we will expand our implementation in two ways. Firstly, we will expand the feature set to include a PTP master, conforming to the IEEE standard for PTP (the 2019 version, IEEE1588-2019), so we can run a full PTP instance with the memory-safety guarantees that our implementation provides.

Secondly, our implementation will be able to run without an operating system or system allocator. Those properties make the implementation inherently portable and more reliable. Our concrete goal for this second phase is that it runs on the stm32f7 microcontroller, a device with built-in PTP Ethernet support, but otherwise limited capabilities.

>> Read more about Statime PTP Master

Timing-Driven Place-and-Route (TDPR)  — Open hardware tool to synthesize digital silicon circuits

The lack of an open-source timing-driven place-and-route tool is one of the major barriers to creating technically fully transparent digital integrated circuits such as microprocessors. The most popular open-source place-and-route tools available today are not timing-driven, hence the generated layouts are generally not guaranteed to satisfy the timing constraints. This requires tedious and time-consuming manual interventions. This project will combine published algorithms with existing open-source projects to fill this gap. The tool will be released with the free/libre AGPLv3 licence together with extensive documentation and tutorials.

>> Read more about Timing-Driven Place-and-Route (TDPR) 

Trustix — Make build logs available as publicly verifiable, tamper-proof Merkle trees

Software build infrastructure is vastly underestimated in terms of its potential security impact. When we install a computer program, we usually trust downloaded software binaries. But even in the case of open source software: how do we know that we aren't installing something malicious which is different from the source code we are looking at - for instance to put us in a botnet or siphon away cryptocurrencies? Typically, we have confidence in the binaries we install because we get them from a trusted provider. But once the provider itself is compromised, the binaries can be anything. This makes depending on individual providers a single point of failure in a software supply chain. Trustix is a tool that compares build outputs across a group of providers - it decentralizes trust. Multiple providers independently build the software, each in their own isolated environment, and then can vouch for the content of binaries that are the outcome of reproducible builds - while non-reproducible builds can be automatically detected.

In this project the team will work on further enabling trust delegation, by offloading log verification to trusted third parties - heavily inspired by the Delegated Proof of Stake consensus algorithm. It will bring Trustix into the Nix and the Guix ecosystems that are most amenable to Trustix' approach. The ultimate goal is for Trustix to integrate seamlessly into the entirely decentralized software supply chain so we can securely distribute software without any central corruptible entity.

>> Read more about Trustix

WebXray Discovery — Expose tracking mechanism in search hubs

WebXray intends to build a filter extension for the popular and privacy-friendly meta-search Searx that will show users what third party trackers are used on the sites in their results pages. Full transparency of what tracker is operated by what company is provided to users, who will be able to filter out sites that use particular trackers. This filter tool will be built on the unique ownership database WebXray maintains of tracking companies that collect personal data of website visitors.

Mapping the ownership of tracking companies which sell behavioural profiles of individuals, is critical for all privacy and trust-enhancing technologies. Considerable scrutiny is given to the large players who conduct third party tracking and advertising whilst little scrutiny is given to large numbers of smaller companies who collect and sell unknown volumes of personal data. Such collection is unsolicited, with invisible beneficiaries. The ease and speed of corporate registration provides the opportunity for data brokers to mitigate their liability when collecting data profiles. We must therefore establish a systematic database of data broker domain ownership.

The filter extension that will be the output of the project will make this ownership database visible and actionable to end users, and to curate the crowdsourced data and add it to the current database of ownership (which is already comprehensive, containing detailed information on more than 1,000 ad tech tracking domains).

>> Read more about WebXray Discovery

XWiki — Bring wiki capabilities into the Fediverse

XWiki is a modern and extensible open source wiki platform. Up until now, XWiki had been focusing on providing the best collaboration experience and features to its users. We're now taking this to the next level by having XWiki be part of the larger federation of collaboration and social software (a.k.a. fediverse), thus allowing users to collaborate externally. XWiki is embracing the W3C ActivityPub specification. Specifically we're implementing the server part of the specification, to be able to both view activity and content happening in external services inside XWiki itself and to make XWiki's activity and content available from these other services too. A specific but crucial use case, is to allow content collaboration between different XWiki servers, sharing content and activity.

>> Read more about XWiki

Handling Data from IPv6 Scanning — Scanning tools for scaling up IPv6 scans

Scanning is state of the art to discover hosts on the Internet. Today’s scanning relies on IPv4 and simply probes all possible addresses. But global IPv6 adoption will render brute-forcing useless due to the sheer size of the IPv6 address space, and demands more sophisticated ways of target generation. Our team developed such an approach that generally allows to probe all subnets in the currently deployed IPv6 Internet within reasonable time. Positive responses are however scarce in the IPv6 Internet; thus, we include error messages in our analysis as they provide meaningful insight into the current deployment status of networks. First experiments covering only parts of the Internet were promising and at least 5% of our probes trigger error messages. However, a full scan would lead to approx. 10^14 responses causing Petabytes of data, and demands an adequate solution of data handling. In this project, we will develop a data storage and analysis solution for high-speed IPv6 scanning. It will process the high amount of received data concurrently with scanning, and provide continuous results while scanning for long periods. This effort enables full scans of the IPv6 Internet.

>> Read more about Handling Data from IPv6 Scanning

Software vulnerability discovery — Automating discovery of software update and vulnerabilities

nixpkgs-update automates the updating of software packages in the nixpkgs software repository. It is a Haskell program. In the last year, about 5000 package updates initiated by nixpkgs-update were merged. This project will focus on two improvements: One, developing infrastructure so that the nixpkgs-update can run continuously on dedicated hardware to deliver updates as soon as possible, and Two, integrating with CVE systems to report CVEs that are addressed by proposed updates. I believe these improvements will increase the security of nixpkgs software and the NixOS operating system based on nixpkgs.

>> Read more about Software vulnerability discovery

offen — Ethical site analytics, controlled by the user

Transparently handling data in the open creates mutual trust: Offen is a web analytics software that gives users insights into the data they are generating by giving them access to the same suite of analytics tools site operators themselves are using. Usage metrics come with explanations about their meaning, relevance, usage and possible privacy implications, and also details which kind of data is not being collected. Offen treats both users and operators as parties of equal importance. Users can expect full transparency and are encouraged to make autonomous and informed decisions regarding the use of their data, and operators are being enabled to collect needed usage statistics while fully respecting their users' privacy and data. No user data is being collected until the user has explicitly opted-in. All data can be deleted either selectively or in its entirety by the users.

>> Read more about offen