Zur JKU Startseite
Institut für Netzwerke und Sicherheit
Was ist das?

Institute, Schools und andere Einrichtungen oder Angebote haben einen Webauftritt mit eigenen Inhalten und Menüs.

Um die Navigation zu erleichtern, ist hier erkennbar, wo man sich gerade befindet.

Themen für Bachelor- und Projektarbeiten:

  • Liveness-Check for face recognition (Projektarbeit)

Smart environments are increasing in popularity. In the CDL Digidow (digidow.eu) users can interact with various sensors in the physical world. These sensors recognize people based on different modalities. In our prototype we use face recognition. In order to prevent presentation attacks (e.g. showing an image/video of a person) this thesis will focus on researching state-of-the-art liveness detection modules and implementation and integration into the Digidow prototype.

Kontakt: Philipp Hofer


  • SeFReDoSS: Secure Federated Regular Document Submission Service

Abstract: The problem statement is that regularly (e.g. every month, quarter, year, etc.), some service provider (banks, credit cards, mobile network operators, various utility providers, etc.) need to send updated information such as bills or statements. We propose that “callback URLs” are an appropriate way to deliver these updated information snippets with semantics similar to the well-understood paper letters. As one would register a postal mailing address with a provider, logging into their web interface to register the web equivalent does not compromise security.

This project should implement the concept described as a quick prototype using Nextcloud shares at https://www.mayrhofer.eu.org/post/secure-delivery-of-regular-information/, öffnet eine externe URL in einem neuen Fenster within the Digidow project prototype of "Personal Identity Agents" (PIAs). The goal is to implement PUT-only document submission URLs either within the existing PIA prototype or an associated micro-web-service that interfaces with a PIA. A user-accessible web interface is required to register new submission URLs for a new provider (e.g., by creating a new sub-URL) and their associated policy (e.g., to move incoming documents with timestamped filenames into configurable directories on the local filesystem). The implementation should be done in Rust.

Kontakt: Michael Roland


  • Sensor node communication via ephemeral Tor Onion services

Abstract: The goal of this project is to create a library for simple machine-to-machine communication via short-lived hidden Onion services.

Kontakt: Michael Roland

  •  Mobile driving license reference implementation

Abstract: The goal of this project is to implement the current standard for mobile driving licenses (ISO/IEC 18013-5) on Android.

Kontakt: Michael Roland

  • Security analysis of the Linux kernel in Mikrotik RouterOS

Abstract: Mikrotik RouterOS is a Linux kernel based embedded operating system for network routers, switches, access points, etc. While the userspace components are closed source, patches and configuration options for the used Linux kernel are available. The goal of this project is to analyze which security vulnerabilities - especially remotely exploitable ones - are publicly known for the user kernel version and if/how they have been patched. Necessary skills for this project include reading/writing C, reading and applying patches to source code, and compiling and testing native C code.

Kontakt: Rene Mayrhofer

  • Comparison of DNS results for TOR exit node DNS queries against different providers

As seen by a recent incident at our TOR exit node, where the ISP DNS servers manipulated the outcome of certain DNS queries through a DNS filtering system, interception at the level of DNS results is a popular (though questionable) means to block unwanted web traffic.

In this bachelor's thesis, the outcome of presenting DNS queries performed by our TOR exit node to multiple different providers should be analyzed. Moreover, cases where deviating responses are observed should be further investigated. Interesting deviations would be primarily those caused by filtering/censorship.

Kontakt: Michael Roland

  • Implement a VoIP tap for Softphones (i.e. VoIP phones implemented as software running on a PS)

This should copy the network traffic and/or the sound output. This should then be run through libraries (to be obtained: Open Source like https://www.informatik.uni-augsburg.de/lehrstuehle/hcm/projects/tools/emovoice/, öffnet eine externe URL in einem neuen Fenster) and speaker detection. This should then show feedback about who is talking how much (e.g. percent) and the mood of the speakers.

Kontakt: Michael Sonntag

  • Reconstructing internet video from a network trace

This should work for IP video telephony, but potentially also for other communications. The main task here is to handle missing parts, e.g. keeping the old picture or replacing it with "white/black screen". The sniffed traffic should then be playable and be accompanied by exact specifications what was found, and what/when there were "holes" filled.

Kontakt: Michael Sonntag

  • Online-Nachsuche

Software zur genauen und beweissicheren Dokumentation von Aktionen und Daten, die z.B. beim forensischen Zugriff auf einen fremden Webmail-Account erfolgen

Kontakt: Michael Sonntag

  • Asterisk als Anonymisierungsserver

Eingehende Telefonate weitervermitteln, ähnlich zu TOR (evtl. mittels VoIP + Ausgangsserver etc.)

Kontakt: Michael Sonntag

  • Traces in Executables

Wie viele/welche Spuren bleiben bei verschiedenen Arten ein Programm zu übersetzen in der ausführbaren Datei zurück, die zum Account/Computer zurückführen? Sowohl direkt ("Das war Benutzeraccount X") als auch bei Zugriff auf diesen Computer ("Wurde sicher auf diesem Computer übersetzt") bzw. allgemein ("Muss Windows 8.1 gewesen sein"). Siehe auch https://freedom-to-tinker.com/2015/12/29/when-coding-style-survives-compilation-de-anonymizing-programmers-from-executable-binaries/, öffnet eine externe URL in einem neuen Fenster

Kontakt: Michael Sonntag