2020
Completed
Applicability of IoT Security Frameworks as Guidelines for Penetration Testing
Supervisor:
Jiska Classen
Max Maass
2019
Completed
Communicating Privacy and Security issues
Supervisor:
Max Maass
2019
Completed
Detecting Extension Abuse in the Wild
Supervisor:
Max Maass
2019
Completed
PrivacyMail – Analyzing the Email Tracking Ecosystem
Supervisor:
Max Maass
2019
Completed
PrivacyGraph – A Holistic View of the Online Tracking Ecosystem
Supervisor:
Max Maass
2019
Completed
Applicability of Penetration Testing Guides for the Internet of Things
Supervisor:
Max Maass
2019
Completed
Smart Home Security
Supervisor:
Max Maass
2019
Completed
Analyzing Email Privacy
Supervisor:
Max Maass
2019
Completed
Inferring Keystrokes from Myo Armband Electromyographic and Inertial Measurement Unit Data
Supervisor:
Max Maass
Mobile devices, such as phones and wearables, include an increasing variety of more and more accurate sensors, only part of which the users can control to a certain extent to protect their privacy. In the meantime, mostly with respect to the accelerometer and gyroscope sensors of smartwatches, various keylogging side-channel attacks have been described in the literature, demonstrating that sensitive information like passwords can be inferred from the data recorded by these sensors.
In this thesis, we take a closer look at the Myo armband, a wearable device worn on the upper part of the forearm containing an accelerometer, a gyroscope, a magnetometer and eight electromyographic (EMG) sensors for measuring muscle activity. In particular, we investigate whether the EMG data supports the recognition of finger movements sufficiently to detect new keystrokes of the same person or of previously unseen typists.
We create a dataset based on both keystroke and sensor data collected from 27 volunteers wearing two Myo armbands while typing on a physical keyboard. In order to detect keystrokes based on this data, we apply supervised learning approaches utilizing a random forest, a convolutional neural network (CNN) adaptation of WaveNet and a convolutional recurrent neural network (CRNN).
We estimate the predictive performance, achieving a mean F1 score of 0.75 for the CRNN in the within-subject scope and an F1 score of about 0.61 for the between-subject scope, independent of the chosen model. These estimates are validated in a proof of concept, achieving a mean F1 score of 0.64 for the CRNN in the within-subject scope and a mean F1 score of 0.65 for the WaveNet adaptation on an unseen person in the between-subject scope.
2018
Completed
Performance Comparison of Packet Schemes for Mutually Hidden Messages
Supervisor:
Max Maass
2018
Completed
Analyzing Vulnerability and Privacy Data from the PrivacyScore platform
Supervisor:
Max Maass
Motivation
Every day, new cyber security vulnerabilities are discovered and reported, which indicates weak security standards adopted by websites. The main aim of a hacker is to steal sensitive information by exploiting these vulnerabilities. Compromised information and data can be very costly and damaging for an organization. Hence, due to the ever-evolving tactics of hackers and the changing cyber threat landscape, it is very important for an organization to be aware of security vulnerabilities.
Until now, most existing work has focused on discovering vulnerabilities in web applications and anticipating their exploitation. Different techniques are used in this regard, including machine learning, evaluating inter-module relationships, and the application of data analytics. All of these approaches have a common goal, which is to discover existing and new vulnerabilities and to predict future ones. Some solutions evaluate the application code by performing static or dynamic analysis to find vulnerabilities. However, a critical question arises in this scenario: what can we do after a vulnerability is discovered? How can we find similar vulnerabilities in the system and share this information with others for proactive resolution of the vulnerabilities? In this regard, data analysis of security vulnerabilities can provide a wealth of information. It can provide efficient vulnerability assessment by analyzing the existing vulnerability data
2018
Completed
Privacy as a Competitive Factor? Analysis of Companies' Reactions to PrivacyScore Ratings
Supervisor:
Max Maass
2018
Completed
Testing the Efficacy of Vulnerability Disclosure over different Channels
Supervisor:
Max Maass
2018
Completed
Analysing and Evaluating Interface, Communication, and Web Security in Productive IoT Ecosystems
Supervisor:
Jiska Classen
Max Maass
2017
Completed
OAuth 2.0 for IoT: IPsec channel establishment and authorized resource access in the IoT
Supervisor:
Max Maass
Securing the Internet of Things (IoT) while keeping it interoperable with today's Internet is crucial to unleashing the full potential of the IoT. Authentication and authorization are fundamental guarantees needed to address further security and operational challenges. To fulfill these guarantees in complex and diverse scenarios, we propose a solution based on the Authentication and Authorization for Constrained Environments (ACE) Framework, a token-based authentication and authorization framework. Our solution, the IPsec profile for ACE, builds on the IPsec protocol suite and the Internet Engineering Task Force (IETF) IoT stack to provide network layer security and IPsec channel establishment based on token provisioning for constrained devices. The Direct Provisioning (DP) of Security Associations (SAs), symmetric key-based authenticated establishment (Internet Key Exchange Protocol version 2 (IKEv2) in Pre-Shared Key (PSK) mode), and asymmetric key-based authenticated establishment (IKEv2 in Certificate-based Public Key (CPK) mode) are specified as ways to establish SAs, i.e., IPsec channels. We provide an implementation for Contiki, an Operating System (OS) for constrained devices such as the Zolertia Firefly. Furthermore, we evaluate our protocol design, providing a lower bound for the performance of the profile. The evaluation includes network latency and processing time, energy consumption, memory footprint and packet sizes for the different SA establishment methods. The results provide a benchmark for the different protocol steps as well as aggregated measures for each of the evaluated setups. Our evaluation showed that the DP establishment has the smallest memory footprint and ACE packet size, and at the same time the highest performance. On the other hand, the authenticated establishment featuring IKEv2 in CPK mode shows the largest memory footprint and packet size, together with the lowest performance of the three SA establishment methods.
The trade-offs between Random Access Memory (RAM) and Read-Only Memory (ROM) footprint, power consumption, network latency, processing time and security guarantees are also described.
2017
Completed
Design, Implementation and Evaluation of Realistic Scenarios and Movement Models for Natural Disasters Using Simulations for Delay Tolerant Networks
Supervisor:
Milan Stute
Max Maass
Description
Seeing the continuous increase in natural disasters around the world, many people are contemplating how to contribute to helping those in need. Among them are several computer scientists who do their share by developing technology which enables fast and reliable communication in disaster areas. We were inspired by their work and thus wanted to further improve the state of the art. DTN is a specific technology which can be used for the creation of alternative networks in disaster areas, where conventional ones are unavailable due to the inevitable destruction caused by the disaster. Given that such technology is usually evaluated within network simulators, we focus exclusively on improving the state of the art of movement models and scenarios utilized within such simulators. The state of the art, which is driven largely by randomness and is thus not realistic, is improved by our contribution in the form of a fully designed, implemented, and evaluated realistic natural disaster movement model with underlying scenarios. The results of our evaluation indicate that previously published results might be too optimistic. Thus, further approximations to reality are inevitable for more accurate simulation of DTN, with the goal of ultimately obtaining better and more realistic results.