• Privacy-Preserving Biometric Matching via Secure Two-Party Computation
  Abstract: Strong user authentication based on biometrics is gaining more and more importance. As a basis for further research in the domain of privacy-friendly usage of biometrics, the goal of this thesis project is to analyze the practical efficiency and performance of existing cryptographic approaches and frameworks based on secure two-party computation for matching biometric features in a privacy-preserving manner. This project will be done in collaboration with AIT.

Contact: Omid Mir, Rene Mayrhofer

• Implement an example website (as a normal and as a hidden service) with a database, which is always running on a Tor hidden service (somewhere else!): SQL and NoSQL. Test whether this works or what is needed, how efficient and resilient it is (e.g. reconnections), and do performance tests. Do this for a “classic” webpage as well as a SPA (Single Page Application): the page must load the data via JavaScript (from a Tor service!). Classic page on normal server with hidden DB, Classic page on hidden server with hidden DB, SPA on normal server with hidden API/DB, SPA on hidden server with hidden API/DB.

Kontakt: Michael Sonntag

• Basis-Idee (wäre aber noch zu erweitern/ausarbeiten): Bei Tor können aus dem Schlüssel für Hidden Services weitere Schlüssel abgeleitet werden. Das wird schon beim Directory benützt. Entwurf eines Systems, dass in (abhängig von einem geheimen Startwert) in "zufälligen" Abständen neue Schlüssel generiert. Wenn man dieser Geheimen Wert kennt, kann man auch aus (nur!) dem öffentlichen Schlüssel die zugehörigen abgeleiteten öffentlichen Schlüssel berechnen. Dies würde ein "Hopping" bei Hidden Services erlauben. Implementieren, teste, überlegen wofür das verwendet werden kann, Vor- &Nachteile

Contact: Michael Sonntag

• Sensor node communication via ephemeral Tor Onion services

Abstract: The goal of this project is to create a library for simple machine-to-machine communication via short-lived hidden Onion services.

Contact: Michael Roland
 

•  Mobile driving license reference implementation

Abstract: The goal of this project is to implement the current standard for mobile driving licenses (ISO/IEC 18013-5) on Android.

Contact: Michael Roland

• Security analysis of the Linux kernel in Mikrotik RouterOS

Abstract: Mikrotik RouterOS is a Linux kernel based embedded operating system for network routers, switches, access points, etc. While the userspace components are closed source, patches and configuration options for the used Linux kernel are available. The goal of this project is to analyze which security vulnerabilities - especially remotely exploitable ones - are publicly known for the user kernel version and if/how they have been patched. Necessary skills for this project include reading/writing C, reading and applying patches to source code, and compiling and testing native C code.

Contact:Rene Mayrhofer

• Android Device Security Database: Network monitoring

Abstract: The goal of this project/thesis is to automate monitoring of network traffic from Android devices. An OpenWRT based access point grants device-specific access to Android devices through 802.1x authentication. All network traffic from each device should be monitoring in terms of statistical data (number of packets, data volume, etc.) and classified on higher levels (e.g. HTTPS traffic, collecting the set of external hosts a device connects to, etc.). These network data traces should be collected systematically in a database for analysis including daily statistics for idle devices, traffic during and after a firmware update, and other interesting features.

Contact: Michael Roland, opens an external URL in a new window

• Comparison of DNS results for TOR exit node DNS queries against different providers

As seen by a recent incident at our TOR exit node, where the ISP DNS servers manipulated the outcome of certain DNS queries through a DNS filtering system, interception at the level of DNS results is a popular (though questionable) means to block unwanted web traffic.

In this bachelor's thesis, the outcome of presenting DNS queries performed by our TOR exit node to multiple different providers should be analyzed. Moreover, cases where deviating responses are observed should be further investigated. Interesting deviations would be primarily those caused by filtering/censorship.

Contact: Michael Roland

• Analysis and implementation of the iButton/1-Wire protocol (ELECTRONICS SKILLS REQUIRED)

The goal of this bachelor thesis project is to analyze the iButton®/1-Wire® protocol, opens an external URL in a new window and to build an environment for reading and emulating iButton slave devices.

Contact: Michael Roland

• Implement a VoIP tap for Softphones (i.e. VoIP phones implemented as software running on a PS)

This should copy the network traffic and/or the sound output. This should then be run through libraries (to be obtained: Open Source like https://www.informatik.uni-augsburg.de/lehrstuehle/hcm/projects/tools/emovoice/, opens an external URL in a new window) and speaker detection. This should then show feedback about who is talking how much (e.g. percent) and the mood of the speakers.

Contact: Michael Sonntag

• Reconstructing internet video from a network trace

This should work for IP video telephony, but potentially also for other communications. The main task here is to handle missing parts, e.g. keeping the old picture or replacing it with "white/black screen". The sniffed traffic should then be playable and be accompanied by exact specifications what was found, and what/when there were "holes" filled.

Contact: Michael Sonntag

• Online-Nachsuche

Software zur genauen und beweissicheren Dokumentation von Aktionen und Daten, die z.B. beim forensischen Zugriff auf einen fremden Webmail-Account erfolgen

Contact:Michael Sonntag

• Asterisk als Anonymisierungsserver

Eingehende Telefonate weitervermitteln, ähnlich zu TOR (evtl. mittels VoIP + Ausgangsserver etc.)

Contact: Michael Sonntag