First a few round rules on the basis of which I would be happy to supervise a project, relating to project management, openness, tooling and quality assurance.

* I prefer supervising projects executed in the Python language using the petlib cryptographic libraries, or other libraries I maintain (see my and the InfoSec github repositories.) Unless of course 

* I prefer supervising project that will from the very start manage the codebase on an open public github repository. The project writeup may be on a private repository, but I prefer to supervise project that will make the final project document available to all. In all cases all project files must be in a git repository that I may access at all times.

* I prefer supervising projects that will produce open source code under a free license, preferably BSD, Apache or MIT. Similarly, I prefer if the final project document is made available under an open CC license.

* If you wish to do a project with me you must produce unit tests with good coverage for the entire code base, and bring to our meetings evidence of the passing tests and coverage. My prefered framework for doing this in Python is using pytest and tox. 

* In case of a distributed system's based project, you should be ready to script the deployment onto a real distributed set of VMs (on EC2) using appropriate devops techniques. My prefered method for this is using fabric or ansible.


Here are a few Final Year or MSc project ideas, that I would like to supervise (Updated for 2017/2018).

* An Android implementation of a mix-network client that supports anonymous communications. This is a key privacy technology, that is currently not available to mobile devices. We have a Python implementation, and part of the project will be porting the system to Android, and partly showing comformance and interoperability between implementations.

More information on Sphinx:
http://www.cypherpunks.ca/~iang/pubs/Sphinx_Oakland09.pdf
http://pythonhosted.org/sphinxmix/

* Multi-authority selective disclosure credentials. Traditional selective disclosure credentials depend on a single authority issuing them. However, such an authority needs to be trusted to not issue false credentials. The idea of this project is to modify the aMACs based credentials by Chase et al. to require multiple authorities to cooperate to issue a credential, under the assumption that a single honest authority would prevent false claims from being issued:

Melissa Chase, Sarah Meiklejohn, Greg Zaverucha:
Algebraic MACs and Keyed-Verification Anonymous Credentials. ACM Conference on Computer and Communications Security 2014: 1205-1216

Old project ideas, done or now boring:

* We recently proposed UnlimitID a way to make selective disclosure credentials interoperate with OAuth. The project aims will be to build a working identity system that accepts OAuth claims from providers (Google, Facebook), then uses UnlimitID to anonymiz them, and then issue fresh OAuth claims for use in other sites. For more information see: 

UnlimitID: Privacy-Preserving Federated Identity Management using Algebraic MACs.
Marios Isaakidis, Harry Halpin and George Danezis. Short Paper in WPES 2016.
http://www0.cs.ucl.ac.uk/staff/g.danezis/papers/UnlimitID_WPES16.pdf

* Anonymous messaging. Hiding a network's message content is easy with cryptography, but hiding who is talking to whom is harder. This project will implement a state-of-the-art mix-system that allows the transmission of untraceable messages based on the Sphinx mix design by Danezis & Goldberg (2009).

* A peer-to-peer public key infrastructure. The reason we do not use encryption for most communications is the lack of a free, easy to use and integrate, public key infrastructure. The aim of this project is to build a simple service that allows users to register verification keys, and applications to use them to authenticate users and encrypt messages to them. The twist: no single server should be able to impersonate a user!

* Privacy-friendly age verification, or other attributes. There are noises in government that some form of age verification may become mandatory to access some types of content online. The objective of this project is to implement a simple anonymous credential based age verification mechanism, that proves a user is over 18, but otherwise leaks nothing else about the identity of the user (not even that they are the same user as before). This combines techniques from attribute based credentials (crypto) and networking. 

* Anonymous e-cash. Credit card transactions tell your bank everything you buy, and tell the merchant who you are. Would it not be nice if we could have an electronic equivalent of physical cash? In particular, it could be used to pay small amount to web sites you visit and also do away with the need for annoying online ads. The project implements such a system, based on a simple scheme by Baldimtsi & Lysyanskaya (2013).

* Meiklejon and myself (Danezis) have proposed a centralized cryptographic currency. It is very scalable, and allows used to audit what the central bank and others in the system are doing, thus democratizing finance. The objective of this project is to implement the full logging sub-system that enables auditability, measure its performance and show that it fulfills its promises. The full paper describing the system is at: https://eprint.iacr.org/2015/502

* An android based cryptographic key exchange app and chat. Would it not be nice if you could chat, and exchange pictures, movies and files privately with all those you have met in the past? The aim of this project is to build a usable and secure way for two people to use their phones to exchange key material and subsequently have a private chat.

* Encrypted group chat. A number of good solutions exist for one-on-one private instant messaging (IM), but few that allow groups to talk in private over IM. The aim of this project is to implement one!

* Service for computations on private genetic data. Genetic tests are increasingly important in medicine, but would you trust your full genome being stored in the cloud? The aim of this project is the implementation of a privacy-friendly computation of genetic tests based on a simple protocol by Danezis & De Cristofaro (2014).

* JPG image steganography. Sometimes you want to send a secret message, but not even let an eavesdropper know you are using encryption. In those cases you may wish to use "steganography", the art of hiding secret messages into innocuous media such as pictures of kittens. The objective of this project is implement such a state-of-the-art scheme by Filler & Fridrich (2010).