1. Design and Implementation of Certification Authority (CA) System

A Certification Authority (CA) plays a very important role in modern network applications and services. After the CA validates and verifies a subscriber's public key and identity, it binds the public key with the owner's identity into a so-called digital certificate, which is digitally signed using the CA's private key. Using the CA certificate and the Certificate Revocation List (CRL), which is supposed to be published securely, other subscribers can verify that a digitally signed document was originally made by a subscriber of the CA, or that the party with whom they communicate is genuine. That is, the basic premise is that the CA has to maintain a correct binding between a public key and its attributes, which include the identity of the owner, in a digital certificate.

When there is a fault in its operation, the CA is usually the first to be blamed and might face problems in a court of law. Then its "liability", which sounds like a guarantee against faulty operation, has to be paid. Therefore, a CA should be well designed and well implemented.

The aim of this project is the design and implementation of such a CA. The system shall be based on open source operating systems and software.

·         Number of Students: 2

·         Specialization:  Software Engineering, Communication

2. U. of K E-mail System: Design and Management

The 'electronic mail system' has been developed to simplify and enhance inter-personnel communication in an intra-organizational setup. It follows a client-server approach where the website runs on the server and the users form the clients. The client requests services from the server and the server responds by transferring the required information to the user. The site is going to be operated by Internet users and administered by the organizational administrator, who will be server based.

The administrator will have the privilege to limit the number of users that can register as members. He can limit the number of mails a particular user can store for himself. The administrator can also restore vital information in case of a serious breakdown. The user will operate from the client side by accessing the provisions provided by the website. This can be done irrespective of geographical location.

The aim of this project is to design an electronic mail system for the University of Khartoum. The design will be based on Postfix as the mail agent and SquirrelMail as the web interface. The students will develop a web management system for Postfix, the user database, mail gateway remote management, etc. Other security issues shall be considered, e.g. spam, virus scanning, etc.

·         Number of Students: 3

·         Specialization:  Software Engineering, Communication

 

3. Virtual Router

The project entitled "Virtual Router" is a software simulation of an ordinary hardware router. A router is a device that forwards packets along networks. Routers are located at gateways, where different networks are connected. A virtual router is an emulation of a physical router at the software and hardware level. It is software emulating the functionality of a hardware router. It connects two or more IP networks, or an IP network to an Internet connection.

The virtual router is software that offers a broad array of resources and services such as network administration, router configuration, both static and dynamic routing, and congestion control, with a high level (Linux level) of security. It is software for routing packets between different LANs. "Virtual Router" is developed in plain C on the Linux platform.

This project provides maximum assistance to those in need of any routing information. It provides several services to an authorized user (administrator) for both IPv4 and IPv6. There are mainly three modes of operation for an ordinary router: user mode, configuration mode and enable mode. User mode provides facilities such as login, logout and exit. Configuration mode is used to configure the router: assigning the host name, port configuration, IP address setting, bringing a port up/down, route table setting for static routing, etc. Enable mode stores the parameters that have been set in configuration mode and also brings the router up/down.

·         Number of Students: 2

·         Specialization:  Software Engineering, Communication

 

4. U. of K Network Monitoring and Management System

The Network Monitoring System enables the local administrator to perform real time monitoring, data acquisition, data analysis and transmission. Here the administrator's work is made easier and simpler.

The administrator has options for new user registration, updating and deleting user accounts, enabling or disabling user accounts, and time allotment of users. He can view the system details of any user, view the hardware and software defects in any system connected through the network, capture the system of any user from his own system, detect failures in the network, and take full control of any user at any time. He can also shut down and reboot any system, chat, and use some other facilities in this system.

Whenever the administrator finds that a particular user performs an illegal activity, he can disable that user's account and the user is not permitted to log into the system. The administrator has some other options to view details regarding the accounts and the registered users in the network. He can view the complaints, requests and feedback made by the users. He can view the logged users’ details such as current login time, last logoff time etc., the time allotment list of all the users, the system details of a particular user in the network, etc. Only a registered user can use the services provided by the system.

The services offered to the user are mailing, chatting, call services such as complaint, request and feedback submission, changing the password and viewing the user's account details. Security features are also enhanced in the software by checking the user name, password and category. Time allotment for the user is done based on the user id. This system consists of mainly four modules, namely failure detection, system details, user details and remote section.

The main objective of this project is to develop a full-fledged system giving detailed information about the local network of a campus. This project is focused mainly on administrative tasks. This software enables the local network administrator to view the entire network structure, to perform client control and real time monitoring, to find LAN traffic and detect failures, and he can chat with the clients and check the complaints registered by them. The administrator can also change his password to ensure security in the network.

Here the administrator monitors all the machines in the network and scan them for varius . He has the facility to view the system configuration. He also monitors all the users logged on to the network and has the facility to view the details of the users such as username, last logoff time, last login time, login date and privilege.

The administrator can perform real time monitoring by viewing the currently connected machines in the network and the logged in users, and hence can find their processor, application and memory details. The administrator has the facility to know the actual network structure and to perform desktop capture, shutdown, restart and logoff of a remote system from his own system.

The administrator can detect the traffic, i.e. the frequency, delay and bandwidth of the network cable laid, and hence can decide whether to replace the network cables with ones of higher bandwidth and thereby increase the speed of data transfer. Security features are also included in the software by checking username and password.

The administrator can send online messages to all remote systems in the network or to a particular user logged into a remote system. A call registration facility is provided for users to register their complaints and requests. The administrator has the facility to view a complaint registered by a user and send a reply back to the user. The users can also send feedback about the resources provided by the organization. The administrator can find the software installed on a machine.

·         Number of Students: 3

·         Specialization:  Software Engineering, Communication

5. U. of K Network Authentication and Security System

The concepts behind network security break nicely into four categories: Authentication, Authorization (i.e.  Access Control), Accounting, and Secure Communications.

Authentication: This is simple verification of a user's identity. Always based on some form of trust, authentication relies on something that the user has, which can be compared to a known constant (the trusted value). This can occur either in an interaction with the user (a user ID and password are entered), or can range up to complex biometric systems like fingerprint identification, face recognition or retinal scans. Authentication can also occur by proxy, such as a stored authentication token (kept in a workstation's memory while the user remains logged in, or on a token such as a smartcard).

Authorization: Also known as access control, this form of security decides who is allowed where. File permissions are a good example of access controls. Usually stored in resource-level ACLs (access control lists), these are simply lists of authenticated users (or groups of users) who are allowed to access or are barred from accessing a given resource. This is usually the most complex aspect of network security since it requires the secure, centralized storage and access of these ACLs. Authorization can occur only once a user is authenticated, as authorization systems rely on lists of authenticated users.

Accounting: The basic task of recording who accessed what resource. Most network operating systems and services include some form of logging. This can either be performed independently at each service, or through a centralized accounting server. However, if performed centrally, all accounting information must be transferred securely, and can be affected by denial of service attacks (for instance, a hacker wishing to cover his tracks could prevent logging messages from reaching the accounting server).

Secure communications: The ability to protect network transmissions from both interception (where private information can be compromised) as well as unauthorized transmission, where a hacker can masquerade as a secure host, or can insert data into an established connection.

Kerberos is not a complete network security solution. While it does provide powerful tools to enable network wide user authentication and secure communications, it has no provisions for access control or accounting. The designers of Kerberos felt that it should function as part of a larger network environment, where access control is best left up to individual applications or a dedicated access control manager. Although the Kerberos server itself includes a minimal ACL to specify users authorized to change the Kerberos database, no other authorization system is provided. Likewise, as the actual authentication process occurs on the workstation, the Kerberos server doesn't concern itself with who is successfully authenticated. While the KDC (Kerberos server) does keep track of which tickets were issued, it provides more of a debugging function than an audit trail.

The aim of this project is to develop an authentication system for University of Khartoum Network based on Kerberos.

·         Number of Students: 3

·         Specialization:  Software Engineering, Communication

6. Online Device Controller (ODC)

The Online Device Controller (ODC) is a multi-channel hardware administration system that has been developed to enable the control of equipment and appliances from any part of the world, through the Internet. The concept of ODC is a relatively new one, and makes use of the Common Gateway Interface (CGI), a very powerful technique that was hitherto used solely for e-mail, database access and other 'soft' purposes involving dynamic web page content. Through this project we have made an attempt to bring out a very powerful but often unknown and underutilized aspect of CGI: the same technique used to manipulate our e-mail accounts can equally well be applied to access the parallel port of the web server, and control hardware through it.

The aim of this project is to allow a remote user to login to the Web server and control the devices connected to the server. Also provided is the feature to control the same devices locally, through a Cordless Telephone.

The present product offers the facility to remotely control an ON/OFF device and an Intensity Variable load, through the Internet, and locally through a Cordless telephone and is a product of paramount significance in office, industrial and household applications.

·         Number of Students: 2

·         Specialization:  Software Engineering, Communication, Control and Instrumentation

7. PC Based Integrated Circuit Tester

A method and apparatus for verifying an integrated circuit device test for testing an integrated circuit device on an automated tester is presented. An integrated circuit device simulator simulates a flawed integrated circuit device that models one or more known flaws, or physical defects, in an assumed good integrated circuit device design. A tester simulator simulates the integrated circuit device test which sends stimuli to, and receives responses from, the simulated flawed integrated circuit device.

A test analyzer then determines whether the simulated test of the simulated flawed integrated circuit device detected the flaws in the simulated flawed integrated circuit device and properly failed the simulated flawed integrated circuit device.

·         Number of Students: 2

·         Specialization:  Electronic and Computer Engineering

8. Channel Modeling in Wireless Networks

My postgraduate students and I research RF propagation and wireless channel modeling. The objectives of this research are to enable the rapid and accurate prediction of RF coverage, frequency domain response and data throughput in wireless networks. Such information is of great interest to wireless network planners and antenna designers. We are concerned with both fixed and ad-hoc networks. The methodology we employ is largely computational electromagnetics, mathematics and statistics. We research, develop and code numerical techniques to achieve our objectives. We test our results against field measurements which we perform ourselves. We are also very interested in exploiting the capabilities of parallel computing and software radio. Most of our programming work is done in C, C++ and Matlab and using the NS2 simulator. If you are interested in pursuing a project in this area then contact me by e-mail and we can meet to discuss.

·         Number of Students: 2

·         Specialization:  Software Engineering, Communication

 

9. University Electronic Fund Transfer System

Electronic funds transfer or EFT refers to the computer-based systems used to perform financial transactions electronically.

The term is used for a number of different concepts:

·           Cardholder-initiated transactions, where a cardholder makes use of a payment card

·           Direct deposit payroll payments for a business to its employees, possibly via a payroll services company

·           Direct debit payments from customer to business, where the transaction is initiated by the business with customer permission

·           Electronic bill payment in online banking, which may be delivered by EFT or paper check

·           Transactions involving stored value of electronic money, possibly in a private currency

·           Wire transfer via an international banking network (generally carries a higher fee)

·           Electronic Benefit Transfer

A number of transaction types may be performed, including the following:

·         Sale: where the cardholder pays for goods or service

·         Refund: where a merchant refunds an earlier payment made by a cardholder

·         Withdrawal: the cardholder withdraws funds from their account, e.g. from an ATM. The term Cash Advance may also be used, typically when the funds are advanced by a merchant rather than at an ATM

·         Deposit: where a cardholder deposits funds to their own account (typically at an ATM)

·         Cashback: where a cardholder withdraws funds from their own account at the same time as making a purchase

·         Inter-account transfer: transferring funds between linked accounts belonging to the same cardholder

·         Payment: transferring funds to a third party account

·         Enquiry: a transaction without financial impact, for instance balance enquiry, available funds enquiry, linked accounts enquiry, or request for a statement of recent transactions on the account

·         E top-up: where a cardholder can use a device (typically POS or ATM) to add funds (top-up) to their pre-pay mobile phone

·         Mini-statement: where a cardholder uses a device (typically an ATM) to obtain details of recent transactions on their account

·         Administrative: this covers a variety of non-financial transactions including PIN change

The transaction types offered depend on the terminal. An ATM would offer different transactions from a POS terminal, for instance.

EFT transactions require communication between a number of parties. When a card is used at a merchant or ATM, the transaction is first routed to an acquirer, then through a number of networks to the issuer where the cardholder's account is held.

A transaction may be authorized offline by any of these entities through a stand-in agreement. Stand-in authorization may be used when a communication link is not available, or simply to save communication cost or time. Stand-in is subject to the transaction amount being below agreed limits, known as floor limits. These limits are calculated based on the risk of authorizing a transaction offline, and thus vary between merchants and card types. Offline transactions may be subject to other security checks such as checking the card number against a 'hotcard' (stolen card) list, velocity checks (limiting the number of offline transactions allowed by a cardholder) and random online authorization.
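The stand-in checks described above, sketched as an added Python example (not code from the project): the class name, card numbers, merchant classes and limits are constructed, and the order of the checks and the fail-closed behaviour when the link is down are assumptions.

```python
import random
from dataclasses import dataclass, field

APPROVE_OFFLINE, GO_ONLINE, DECLINE = "APPROVE_OFFLINE", "GO_ONLINE", "DECLINE"

@dataclass
class StandInPolicy:
    """Hypothetical stand-in authorizer; every value passed in is constructed."""
    floor_limits: dict          # (merchant_class, card_type) -> floor limit
    hotcards: set               # card numbers on the 'hotcard' (stolen card) list
    max_offline_per_card: int   # velocity limit on offline approvals per card
    online_sample_rate: float   # share of eligible transactions forced online
    offline_count: dict = field(default_factory=dict)
    # OS randomness, so the random online check cannot be predicted.
    rng: random.Random = field(default_factory=random.SystemRandom)

    def _needs_online(self, link_up, reason):
        # No stand-in allowed: ask the issuer if possible, otherwise fail closed.
        return (GO_ONLINE, reason) if link_up else (DECLINE, reason + ", link down")

    def decide(self, card, card_type, merchant_class, amount, link_up):
        # 1. The hotcard list is checked first and always wins.
        if card in self.hotcards:
            return DECLINE, "card on hotcard list"
        # 2. Floor limit varies by merchant and card type; unknown pairs get 0,
        #    so they are never authorized offline.
        floor = self.floor_limits.get((merchant_class, card_type), 0)
        if amount >= floor:
            return self._needs_online(link_up, "amount not below floor limit")
        # 3. Velocity check: cap the offline approvals a single card can collect.
        if self.offline_count.get(card, 0) >= self.max_offline_per_card:
            return self._needs_online(link_up, "offline velocity limit reached")
        # 4. Random online authorization (assumption: only when the link is up).
        if link_up and self.rng.random() < self.online_sample_rate:
            return GO_ONLINE, "randomly selected for online authorization"
        self.offline_count[card] = self.offline_count.get(card, 0) + 1
        return APPROVE_OFFLINE, "stand-in approved"

    def online_approved(self, card):
        # Assumption: a successful issuer authorization resets the counter.
        self.offline_count.pop(card, None)

if __name__ == "__main__":
    policy = StandInPolicy(
        floor_limits={("grocery", "debit"): 50.0, ("fuel", "credit"): 100.0},
        hotcards={"4000000000000002"},          # constructed card number
        max_offline_per_card=2,
        online_sample_rate=0.1,
    )
    for amount in (20.0, 20.0, 20.0, 75.0):
        print(amount, policy.decide("4000000000000010", "debit", "grocery",
                                    amount, link_up=False))
```
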

Before online authorization was standard practice and credit cards were processed using manual vouchers, each merchant would agree a limit ("floor limit") with his bank above which he must telephone for an authorization code. If this was not carried out and the transaction subsequently was refused by the issuer ("bounced"), the merchant would not be entitled to a refund.

The aim of this project is to design and develop an Electronic Fund Transfer system for the University of Khartoum to be related in a secure way to the banking network.

·         Number of Students: 3

·         Specialization:  Software Engineering, Communication

10. Fingerprint Students Attendance System

The aim of this project is to design and implement a fingerprint students attendance system. The students will develop an attendance server to read and control the fingerprint sensor, and to generate reports.

Specialization: Software Engineering, Electronics, Communication, Control

Number of Students: 2