Go to JKU Homepage
Institute of Networks and Security
What's that?

Institutes, schools, other departments, and programs create their own web content and menus.

To help you better navigate the site, see here where you are at the moment.

Master's Theses

Topics for Master's Thesis Seminar and Projects in Network and Security

  • Comparison of Firewall Rulesets in OpnSense, OpenWRT, and RouterOS

The aim of this project is to take an exemplary firewall rule set defined for the OpnSense firewall (using FreeBSD PF as the basis) and duplicate as many details as possible in a current OpenWRT (using the Linux netfilter based fw4 system) and RouterOS (with Mikrotik RouterOS CLI translating to Linux iptables rules). Based on this example, the main differences should be documented as findings for advantages/disadvantages of the respective systems. The example rule set should include multiple (VLAN) interfaces, a mix of IPv4 and IPv6 hosts and rules, different layer 4 protocols, and some special cases like multicast packet handling. A complete example with these aspects will be made available as part of the task.
It is possible to extend this project towards a Master's thesis by including additional aspects such as comparative performance analysis, integration with VPN tunnels and dynamic routing, software mitigations for security relevant bugs in the respective kernels and network stacks, etc.

Rene Mayrhofer
Michael Roland
Michael Sonntag


  • Ingest probable location data using a Large Language Model

In the CDL Digidow (digidow.eu) ecosystem, users have complete control over their Personal Identity Agent (PIA), which can perform tasks, such as unlocking doors based on data gathered from sensors in the surrounding environment.
One aspect of securing this system is that the PIA should be aware of their user's current activities, so it can judge if the person in front of the door might actually be an impostor.

Two potential digital sources of such information, to take into account are the user's email account and calendar.
The goal of this project is live-scanning this data, extracting relevant information like booked trains, flights, hotels, or other appointments, and outputting any identified events to the PIA's location model.

You should use techniques like prompt engineering and agent-based approaches (no training or long-running fine-tuning) with existing local LLMs.
You should expect to write some regular code in a reasonable language of your choice to continuously ingest input and forward the LLMs outputs.
Your solution should maintain a list of detected future events, in an agreed-upon format, which the LLM can update and the location model can consume.

Rene Mayrhofer
Martin Schwaighofer


  • DEPS Project - Problem A

Problem description:
Industrial-scale reverse engineering is a big problem, with estimated losses for the industry at 6,4 billion dollars in 2022 in Germany alone. A closer look at the problem shows that typically the main effort needed to steal the intellectual property of companies producing machines controlled by software, resides on replicating hardware, since software can often be copied verbatim with no reverse engineering effort required.

In DEPS we aim to change this status quo by means of a novel copy protection mechanism that “glues” a program P to a specific machine M. More concretely, we propose to subtly change P into a (reflective) program P ′ which will turn itself into P at run time, only if it is run in the target machine M. If P ′ is executed in a machine M′ other than M (even if M′ is a clone of M), it will then behave incorrectly, i.e., differently than P. Clearly, for this approach to work, the changes that P ′ needs to make to its code to become P at run time need to be well protected. This can be achieved by making these changes dependent on physically unclonable properties of the target machine M, via a physically unclonable function (PUF).

We would like you to work with us in a proof of concept of this novel protection mechanism, developing a prototype application of the protection applied to an example program P that controls a critical functions of a track tamping machine produced by our company partner Plasser & Theurer. The task is to implement the described protection mechanisms using reflection (i.e., self-modifying code) and a provided PUF. We will provide you with a detailed high-level specification of the mechanism and support you to refine it to the required level of abstraction, i.e., to its prototype implementation.

If you apply for this project, we expect you to have good programming and problem solving skills, preferably in C and C++.

Contacts at SCCH:
Dr. Flavio Ferrarotti
Univ.-Prof. Dr. Juliana Bowles
Rene Mayrhofer (Organization issues)

DEPS Project - Problem B:

Problem description:
In man-at-the-end (MATE) software attacks, attackers target assets embedded in software. By means of reverse engineering they try to steal confidential information, such as intellectual property in the form of algorithms. MATE attackers can mount sophisticated attacks, as they can tamper with software and data in their labs, where they have all kinds of software aids, such as debuggers, tracers, emulators, and customized operating systems; and hardware aids such as developer boards with (JTAG-based) hardware debuggers. Software protection techniques developed in our project DEPS transforms code to prevent situations where MATE attackers can steals the intellectual property of companies producing machines controlled by software. In the current industrial landscape, attackers concentrate their effort on replicating hardware, since the software components can usually be copied verbatim with no or very little reverse engineering effort required. Industrial-scale reverse engineering is a big problem, with estimated losses for the industry at 6,4 billion dollars in 2022 in Germany alone.

We want to evaluate thoroughly the protection mechanism developed in DEPS by modelling the most relevant relations between:

  1. (i) assets, 
  2. (ii) the software those assets are embedded in, 
  3. (iii) deployed protections, 
  4. (iv) individual attack steps and tools and methods to perform attacks on those protections and on the assets,
  5. (v) possible paths of attack that start from scratch and through which attackers can reach their ultimate reverse-engineering end goal, i.e., stealing the original asset.

For that, we propose to adapt and instantiate the meta-model for software protections and reverse engineering attacks proposed in https://www.sciencedirect.com/science/article/abs/pii/S0164121218302838, opens an external URL in a new window with the specific DEPS protection approaches, protection goals and reverse engineering attacks applicable to our case studies, building a Knowledge Base to perform risk analysis.  

Prerequisites: Solid knowledge of software security fundamentals. Knowledge of risk analysis techniques and/or reverse engineering techniques would be ideal.

Contacts at SCCH:
Dr. Flavio Ferrarotti
Univ.-Prof. Dr. Juliana Bowles
Rene Mayrhofer (Organization issues)

  • Evaluating Attack Scenarios against Large Language Models

Abstract: Large Language Models (LLMs) like (Chat)GPT, LLaMA, Alpaca, etc. are currently being evaluated or already being put into use in many new scenarios, including decision-making processes. The aim of this thesis is to experiment with, evaluate, and potentially develop counter-measures to text-based attack scenarios for such LLMs. A starting point are the various (local or cloud hosted) chat based interfaces to interact with such models: by engineering text prompts to explicitly make models misbehave, that is, emit answers that seem counter to the intention of the respective scenario, the thesis should document a first starting set of attacking prompt types. Based on such attack prompts, the next question is how these prompts can be fed into LLM-using systems in specific scenarios, e.g. for filtering resumes of job applicants, preparing reviews of scholarly documents, or summarizing news sources. Potential approaches include hiding the attack prompts in various file formats such as HTML or PDF in a way that human reviewers will not notice the hidden prompts but LLMs acting on those files will receive them as input. Ideally, the thesis will end with a classification of attack prompt classes and injection methods for a starting set of LLM based services. Students interested in this topic should have a basic understanding of how machine learning in general and LLMs in particular as well as a strong interest in working around the usual constraints of a system to "think outside the box".

Contact: Rene Mayrhofer

  • Privacy-Preserving Biometric Matching via Secure Two-Party Computation

Abstract: Strong user authentication based on biometrics is gaining more and more importance. As a basis for further research in the domain of privacy-friendly usage of biometrics, the goal of this thesis project is to analyze the practical efficiency and performance of existing cryptographic approaches and frameworks based on secure two-party computation for matching biometric features in a privacy-preserving manner. This project will be done in collaboration with AIT.

Kontakt: Omid Mir, Rene Mayrhofer


  • Rust implementation of face detection and -recognition networks (Master project - Project in Networks and Security)

This master project helps to generalize research on face biometrics by increasing the pool of possible face detection and -recognition systems in our Rust implementation. Your task would be to research state-of-the-art systems and implement a subset of those in Rust.

Contact: Philipp Hofer

  • Evaluation of FIDO2 security key attestation

[FIDO2](https://fidoalliance.org/fido2/, opens an external URL in a new window) is a standard for secure privacy-preserving cryptographic login to websites. FIDO2 tokens (or security keys) can be used as second-factor in addition to password-based login or as a standalone authentication token for [passwordless login](https://www.yubico.com/authentication-standards/fido2/, opens an external URL in a new window). In order for a website to determine if a user's FIDO token is sufficiently trustworthy, tokens implement an [attestation mechanism](https://fidoalliance.org/fido-technotes-the-truth-about-attestation/, opens an external URL in a new window). The goal of this thesis project is to analyze the capabilities (e.g. supported cryptographic algorithms) of current FIDO2 hardware (and software) tokens and to analyze their attestation mechanisms (particularly in terms of certificate chains).

Contact: Michael Roland

  • Evaluation of Tor relay performance

Can the Tor client experience be improved by limiting a Tor client to a subset of the available Tor relays? What criteria would be best suited to select a high-performance subset?
The goal of this thesis is to answer these questions by analyzing the performance differences between Tor relays based on grouping them by publicly available attributes. Possible criteria could include (but are not limited to) the flags they have obtained (e.g. only using stable or fast relays for all connections), the port number they accept connections on, their age, their advertised bandwidth, etc.  

Contact: Michael Roland

  • Vein recognition

In the CDL Digidow (digidow.eu) sensors can identify participating individuals based on different biometric factors. This master thesis will compare different state-of-the-art vein recognition models and extend our real-life prototype with vein recognition.

Contact: Philipp Hofer

  • Privacy on Smartphones

Protecting privacy on smartphones has been recognized as a vital factor because portable devices operate nowadays with more and more sensitive personal data (location/geotags, contacts, call history, text messages, photos, physical health, etc.). The goal of this work is to extend the Android Device Security Database (which is more focused on security, see https://www.android-device-security.org/, opens an external URL in a new window) to privacy attributes and indicators (e.g. privacy policies, user profiling, network traffic analysis, company resolution) for various OEMs/models.

Contact: Jan Horacek

  •  Anomaly Detection in Cybersecurity

Abstract: Anomaly detection systems (such as ones implemented in EDR or IDS) are very useful tools that help blue teams, e.g., to identify exploitation of zero-day vulnerabilities. They are designed to detect (unusual) malicious activity based on events. The techniques used to find anomalies are very broad - ranging from predefined rules to deep learning methods. Furthermore, the scenarios that are relevant to this topic are quite extensive (LAN security, DDoS, UEBA, DLP, etc.). The thesis should address at least the first three points:

1. Scope: pick a scenario, explain the use cases and create appropriate test data/benchmarks (if they do not exist)
2. Methods: describe detection techniques including the underlying theory that suit the scope defined in 1.
3. Implementation: implement the techniques mentioned in 2. (preferably in python) and compare the performance, discuss the usability
4. Visualization: how to visualize events and anomalies in a system?
5. Research: improve some published results

Contact: Jan Horacek

  • Reading machine readable ID documents on Android

Abstract: The goal of this project is to create an open source implementation of an Android app to read and verify data from machine readable ID documents via NFC (such as eMRTD/electronic passport).

Contact: Michael Roland

  • Mobile driving license reference implementation

Abstract: The goal of this project is to implement the current standard for mobile driving licenses (ISO/IEC 18013-5) on Android.

Contact: Michael Roland

  • Physical user location model using machine learning

Abstract: Smart environments are increasing in popularity. In the CDL Digidow (digidow.eu) users can interact with various sensors in the physical world. In order to enhance the sensors ability to rapidly fulfill the users request(s), it could predict the users location and thus infer the most probable action in the future. The goal of this project is to create a prediction about the user location in the immediate future, based on various inputs, such as videos and smartphone sensors (IMU), by e.g. calculating movement vectors.

Contact: Philipp Hofer

  • Security analysis of the Linux kernel in Mikrotik RouterOS

Abstract: Mikrotik RouterOS is a Linux kernel based embedded operating system for network routers, switches, access points, etc. While the userspace components are closed source, patches and configuration options for the used Linux kernel are available. The goal of this project is to analyze which security vulnerabilities - especially remotely exploitable ones - are publicly known for the user kernel version and if/how they have been patched. Necessary skills for this project include reading/writing C, reading and applying patches to source code, and compiling and testing native C code.

Contact: Rene Mayrhofer

  • Security of e-scooters

TIER, Arolla, Wind, Lime, voi. ... after only two month e-scooters are all over Linz. The idea has been picked up pretty well and even the StVO (traffic rules) is going to be updated to bring (legal) clarity for the use of them. Besides all the positive voices, there is also quite some criticism, mainly about cityscape and safety. Above that, pushing to the market in such a short time frame also has the potential that security considerations have been left behind. Therefore, we are interested in various aspects of e-scooter security and have a few topics for master theses/projects to work on.
Contact: Michael Roland

  • Tracking of persons through Wi-Fi sniffing

The goal of this project is to passively collect and analyze Wi-Fi (802.11) packets with regard to information that could be used to track or even identify an individual person. In particular, 802.11 management frames, opens an external URL in a new window such as probe requests seem to broadcast usable information.
As a first step, you need to build an environment to passively collect (sniff) Wi-Fi communication and to extract the relevant data (possibly based on existing open source projects). Using that environment, you will collect and analyze data emitted from various mobile devices (particularly different smartphones, typically carried around in everyones pockets). Finally, you should be able to evaluate if that data could be used to track someone's movements around a building.
Contact: Michael Roland

  • Injecting URLs and other data to Smart TVs via DVB-T

The Institute of Networks and Security has software defined radio hardware that should be suitable to create and inject DVB-T signals into receivers such as Smart TVs. The aim of this thesis is to reproduce and potentially extend the work shown in https://www.youtube.com/watch?v=bOJ_8QHX6OA, opens an external URL in a new window on how injected HbbTV URLs are automatically opened/executed on some Smart TVs to allow a remote code execution.

  • Security analysis of the communication protocol of a MAVIC PRO drone

This project aims to investigate the two communication channels (Wi-Fi and a custom RF) of a commercial drone (http://www.dji.com/mavic?from=v3_landing_page, opens an external URL in a new window) and analyze the used communication protocol. Using a software defined network and state-of-the-art reverse engineering tools, your goal is to find potential security weaknesses and make suggestions on how to improve the existing protocols.
Contact: Rene Mayrhofer

  • Smart home security: preventing privacy leaks with home routers
  • E-Learning System für Websites am Beispiel RIS

Beispiels-Suchaufgaben mit Beobachtung des Benutzers (Eingabe, Mausbewegungen etc.) und adaptiven Reaktionen darauf (Verbesserungsvorschläge, Vorzeigen mit Maus&Eingabe + Audio-Kommentar); Zwei Varianten (ca. 10 Min. für Laien, ca. 90 Minuten für Profis)
Contact: Michael Sonntag

  • Translate security protocols specified in Alice&Bob notation to Scyther language

Alice&Bob notation has been widely used to describe security protocols. However, protocol verification tools such as ProVerif, Scyther, and Tamarin have their own specification language. We are therefore interested in developing a tool that allows translating an Alice&Bob specification to other languages that can then be used as input to different verification tools. The goal of this particular task is to build a tool that translates an Alice&Bob specification to Scyther specification. As Scyther does not support equational theories that are often used to model for instance Diffie-Hellman exponentiation, not all Alice&Bob specifications are convertible to Scyther's language. Nevertheless, many protocols such as Kerberos and Needham-Schroeder variants are translatable.
Contact: Jan Horacek