Go to JKU Homepage
Institute of Networks and Security
What's that?

Institutes, schools, other departments, and programs create their own web content and menus.

To help you better navigate the site, see here where you are at the moment.

Master's Theses

  • Evaluation of FIDO2 security key attestation

[FIDO2](https://fidoalliance.org/fido2/, opens an external URL in a new window) is a standard for secure privacy-preserving cryptographic login to websites. FIDO2 tokens (or security keys) can be used as second-factor in addition to password-based login or as a standalone authentication token for [passwordless login](https://www.yubico.com/authentication-standards/fido2/, opens an external URL in a new window). In order for a website to determine if a user's FIDO token is sufficiently trustworthy, tokens implement an [attestation mechanism](https://fidoalliance.org/fido-technotes-the-truth-about-attestation/, opens an external URL in a new window). The goal of this thesis project is to analyze the capabilities (e.g. supported cryptographic algorithms) of current FIDO2 hardware (and software) tokens and to analyze their attestation mechanisms (particularly in terms of certificate chains).

Contact: Michael Roland

  • Evaluation of Tor relay performance

Can the Tor client experience be improved by limiting a Tor client to a subset of the available Tor relays? What criteria would be best suited to select a high-performance subset?
The goal of this thesis is to answer these questions by analyzing the performance differences between Tor relays based on grouping them by publicly available attributes. Possible criteria could include (but are not limited to) the flags they have obtained (e.g. only using stable or fast relays for all connections), the port number they accept connections on, their age, their advertised bandwidth, etc.  

Contact: Michael Roland

  • Vein recognition

In the CDL Digidow (digidow.eu) sensors can identify participating individuals based on different biometric factors. This master thesis will compare different state-of-the-art vein recognition models and extend our real-life prototype with vein recognition.

Contact: Philipp Hofer

  • Privacy on Smartphones

Protecting privacy on smartphones has been recognized as a vital factor because portable devices operate nowadays with more and more sensitive personal data (location/geotags, contacts, call history, text messages, photos, physical health, etc.). The goal of this work is to extend the Android Device Security Database (which is more focused on security, see https://www.android-device-security.org/, opens an external URL in a new window) to privacy attributes and indicators (e.g. privacy policies, user profiling, network traffic analysis, company resolution) for various OEMs/models.

Contact: Jan Horacek

  •  Anomaly Detection in Cybersecurity

Abstract: Anomaly detection systems (such as ones implemented in EDR or IDS) are very useful tools that help blue teams, e.g., to identify exploitation of zero-day vulnerabilities. They are designed to detect (unusual) malicious activity based on events. The techniques used to find anomalies are very broad - ranging from predefined rules to deep learning methods. Furthermore, the scenarios that are relevant to this topic are quite extensive (LAN security, DDoS, UEBA, DLP, etc.). The thesis should address at least the first three points:

1. Scope: pick a scenario, explain the use cases and create appropriate test data/benchmarks (if they do not exist)
2. Methods: describe detection techniques including the underlying theory that suit the scope defined in 1.
3. Implementation: implement the techniques mentioned in 2. (preferably in python) and compare the performance, discuss the usability
4. Visualization: how to visualize events and anomalies in a system?
5. Research: improve some published results

Contact: Jan Horacek

  • Reading machine readable ID documents on Android

Abstract: The goal of this project is to create an open source implementation of an Android app to read and verify data from machine readable ID documents via NFC (such as eMRTD/electronic passport).

Contact: Michael Roland

  • Mobile driving license reference implementation

Abstract: The goal of this project is to implement the current standard for mobile driving licenses (ISO/IEC 18013-5) on Android.

Contact: Michael Roland

  • Physical user location model using machine learning

Abstract: Smart environments are increasing in popularity. In the CDL Digidow (digidow.eu) users can interact with various sensors in the physical world. In order to enhance the sensors ability to rapidly fulfill the users request(s), it could predict the users location and thus infer the most probable action in the future. The goal of this project is to create a prediction about the user location in the immediate future, based on various inputs, such as videos and smartphone sensors (IMU), by e.g. calculating movement vectors.

Contact: Philipp Hofer

  • Security analysis of the Linux kernel in Mikrotik RouterOS

Abstract: Mikrotik RouterOS is a Linux kernel based embedded operating system for network routers, switches, access points, etc. While the userspace components are closed source, patches and configuration options for the used Linux kernel are available. The goal of this project is to analyze which security vulnerabilities - especially remotely exploitable ones - are publicly known for the user kernel version and if/how they have been patched. Necessary skills for this project include reading/writing C, reading and applying patches to source code, and compiling and testing native C code.

Contact: Rene Mayrhofer

  • Security of e-scooters

TIER, Arolla, Wind, Lime, voi. ... after only two month e-scooters are all over Linz. The idea has been picked up pretty well and even the StVO (traffic rules) is going to be updated to bring (legal) clarity for the use of them. Besides all the positive voices, there is also quite some criticism, mainly about cityscape and safety. Above that, pushing to the market in such a short time frame also has the potential that security considerations have been left behind. Therefore, we are interested in various aspects of e-scooter security and have a few topics for master theses/projects to work on.
Contact: Michael Roland

  • Tracking of persons through Wi-Fi sniffing

The goal of this project is to passively collect and analyze Wi-Fi (802.11) packets with regard to information that could be used to track or even identify an individual person. In particular, 802.11 management frames, opens an external URL in a new window such as probe requests seem to broadcast usable information.
As a first step, you need to build an environment to passively collect (sniff) Wi-Fi communication and to extract the relevant data (possibly based on existing open source projects). Using that environment, you will collect and analyze data emitted from various mobile devices (particularly different smartphones, typically carried around in everyones pockets). Finally, you should be able to evaluate if that data could be used to track someone's movements around a building.
Contact: Michael Roland

  • Injecting URLs and other data to Smart TVs via DVB-T

The Institute of Networks and Security has software defined radio hardware that should be suitable to create and inject DVB-T signals into receivers such as Smart TVs. The aim of this thesis is to reproduce and potentially extend the work shown in https://www.youtube.com/watch?v=bOJ_8QHX6OA, opens an external URL in a new window on how injected HbbTV URLs are automatically opened/executed on some Smart TVs to allow a remote code execution.

  • Security analysis of the communication protocol of a MAVIC PRO drone

This project aims to investigate the two communication channels (Wi-Fi and a custom RF) of a commercial drone (http://www.dji.com/mavic?from=v3_landing_page, opens an external URL in a new window) and analyze the used communication protocol. Using a software defined network and state-of-the-art reverse engineering tools, your goal is to find potential security weaknesses and make suggestions on how to improve the existing protocols.
Contact: Rene Mayrhofer

  • Smart home security: preventing privacy leaks with home routers
  • E-Learning System für Websites am Beispiel RIS

Beispiels-Suchaufgaben mit Beobachtung des Benutzers (Eingabe, Mausbewegungen etc.) und adaptiven Reaktionen darauf (Verbesserungsvorschläge, Vorzeigen mit Maus&Eingabe + Audio-Kommentar); Zwei Varianten (ca. 10 Min. für Laien, ca. 90 Minuten für Profis)
Contact: Michael Sonntag

  • VM ressource usage verification

Unter Hype-V kann man den Ressourcenverbrauch einer VM genau messen. Kann man Software so ändern, dass sie regelmäßig Logging an Drittmaschinen ausgibt, wie viel Arbeit sie verrichtet hat? Kann man dies dann mit den Hyper-V-Messungen vergleichen? Kann man daraus feststellen, ob zusätzliche Software (= Malware) in der Maschine läuft bzw die Abrechnung zumindest ungefähr korrekt ist? Implementierung eines Beispiels an einem Webserver (plus Datenbank intern oder separat sowie Zugriff auf externe Webressourcen). Relevant: CPU-Last/Nutzung, Disk-Nutzung, Bandbreite – nicht unbedingt absolut aber z.B. nach einer Kalibrierungsphase.
Contact: Michael Sonntag

  • Translate security protocols specified in Alice&Bob notation to Scyther language

Alice&Bob notation has been widely used to describe security protocols. However, protocol verification tools such as ProVerif, Scyther, and Tamarin have their own specification language. We are therefore interested in developing a tool that allows translating an Alice&Bob specification to other languages that can then be used as input to different verification tools. The goal of this particular task is to build a tool that translates an Alice&Bob specification to Scyther specification. As Scyther does not support equational theories that are often used to model for instance Diffie-Hellman exponentiation, not all Alice&Bob specifications are convertible to Scyther's language. Nevertheless, many protocols such as Kerberos and Needham-Schroeder variants are translatable.
Contact: Michael Sonntag

  • Extend JPLAG to support assembly language

JPLAG: https://jplag.ipd.kit.edu/, opens an external URL in a new window
Ideally in a generic way, so Gnu/Intel syntax is both possible (perhaps even interchangeable!), and also different processor architectures.
Contact: Michael Sonntag