The ARPA2 project is the development branch of InternetWide but it also engages in software and protocol research. This is a logical consequence of our quest for modern infrastructure for the Internet.

The projects listed here are all potential student research projects. In general, they have a deliverable in the form of software and/or analysis such as measurements.

If you are interested in any of these projects, then please contact us -- we are interested in talking to students as well as their guides. Students are also welcomed to use this list to communicate with others working on overlapping projects.

What we are offering is being an integral part of a developing project that moves towards an open, transparent and above all mature Internet where users are first-order citizens, quite unlike what we feel is the practice today; we work towards regaining distributed control and more privacy and stronger security.

What we cannot offer you at this point, is a physical working site, as we don't have the office space; ARPA2 conducts its work in a myriad of independent coders and researchers that each do their share of the work, and come together via email lists and other online mechanisms.

Topics of Interest

This is a short list of keywords that you can use to quickly see if this is the sort of technology that you would enjoy working on:

Open Projects

These projects are looking for students that are interested in running them.

Currently Active Projects

  • Running FastCGI over SCTP
    Future web infrastructure, SCTP.

    This work has been assigned to Ioannis Giannoulatos, who is doing it as his OS3 research project.

  • TLS Pool brings TLS implementations together in one daemon, where it is no longer loading credentials into an application's namespace. We believe that the manageability of such solutions greatly empowers security officers to control their network security.

  • SteamWorks exchanges (configuration) information over LDAP. It is designed to cross-realm between operational realms, and to configure any application, without requiring LDAP support in such an application.

  • Bootstrapping Online Identity aims at using various sources of circumstantial evidence for online identity, and combine them to a stronger form of identity. After that, strong crypto can be used to exploit this identity in any bring your own identity supportive site.

    This work is executed as by Tom Vrancken, as an MSc assignment for his education at the Kerckhoff Institute.

Past Projects

  • TLS-KDH integrates Kerberos with Diffie-Hellman as a TLS mechanism.

    This implementation work has been assigned to Tom Vrancken, a last-year student at the Kerckhoff Institute.
    Read the report

  • Kerberos Realm Crossover
    DNSSEC, DANE, Kerberos, X.509 Certificates, Realm Crossover.

    This work was done by Oriol Caño, for his MSc final assignment in the course of his TU/e computer science education.
    The work showed by way of a prototype implementation that our idea of automatic trust establishment between KDCs can be founded on DNSSEC/DANE. It also showed us that the original idea of strictly basing this on the PKINIT protocol is not completely possible; and also, that having completely separate message types is better for the operational and security side of things.
    Read the report

  • Zero-effort Service Monitoring aims at automatic monitoring of services that run under systemd control. It is expected to require no additional configuration, other than setting up a monitoring solution, and can even be adaptive to network changes. This work was done by Julien Nyczak as an OS3 research project.
    The work showed that only code changes to SNMP and/or systemd are needed to support zero-effort service monitoring; it also shows that the existing standard Network Service MIB could be refined with additional statusses to report to monitoring tools.
    Read the report
    Review his code

  • Monitoring DNSSEC involved DNSSEC, monitoring, SNMP, MIB, IETF/RFC. The work was conducted by Martin Leucht and Julien Nyczak in Januari 2015, as a midway research project for their OS3 education.
    The work was enthousiastically received by DNSSEC practitioners, and is likely to get a follow-up in their daily practice.
    Read the report
    Review their code

  • An exploration of cross-over compatibility of various Kerberos implementations was conducted by Mick Pouw and Esan Wit in July 2014, as part of their final research project for their OS3 education.
    Read the report

  • A proof of concept of our TLS Pool project was created by René Klomp and Thijs Rozekrans in July 2013, as part of their final research project for their OS3 education.
    Read the report