The Apple AirTag is widely used for stalking and location tracking. Luckily, the AirTag can be detected by iOS and by our App AirGuard to warn users if they are being tracked. Unfortunately, GPS trackers that have their data connection cannot be detected so easily while they can be roughly the same size as an AirTag. Your task would be to deeply analyze several GPS trackers from different manufacturers to identify how they can be detected. You should have general knowledge of Bluetooth communication and should not be afraid to use a Software-Defined-Radio (SDR) or spectrum analyzer. At best case, you can find a solution to detect (some) GPS trackers that can be added to our AirGuard app (currently used by over 100,000 people). Contact: Alexander Heinrich

2022 In progress

Security of GPS Trackers (M.Sc.)

Supervisor: Alexander Heinrich

Earliest start date: End of January 23 Item trackers become more and more famous. The Apple AirTag, Samsung SmartTag, and Tile are low-cost BLE-based trackers that are used to find your belongings. The accuracy of the location of devices is based on their offline-finding networks. When a dog runs away into the forest, these trackers have a hard time getting the location of the dog. On the contrary, GPS trackers that use LoRaWan or a cellular connection have the ability to fetch the current location quickly and very accurately. Several manufacturers offer such services, and they compete against low-cost Bluetooth-based devices. Since they work with high-sensitive private data, the IT-Security of these services should have very high standards. Your task will be to assess the security of several GPS trackers by analyzing their apps/websites to access the location of your trackers. All security issues found need to be reported following a responsible disclosure. Language can be German or English. Contact: Alexander Heinrich

2022 In progress

Android Wireless Subsystem Security

Supervisor: Jiska Classen

Earliest start date: February 2023 Wireless interfaces are an attack surface for zero-click remote code execution vulnerabilities. Typically, an attacker would try to find a parsing issue within a wireless chip or in a low-level wireless stack component within the operating system, and then escalate further. Thus, it is of importance to research these interfaces. Android is available for many platforms with different hardware. Vendors add custom hardware adaption layers for compatibility with Android. However, these interfacing layers are vendor-specific and proprietary. Detailed knowledge about interfaces between components enables security research [1] and building tooling to customize wireless chips and stacks [2, 3]. Due to the proprietary nature of these interfaces, many of them remain undocumented. We have a couple of yet to be researched wireless interfaces, as well as researched interfaces that would profit from developing better tooling. We offer experience within the Google ecosystem as well as OEMs (Samsung, etc.), including reverse-engineering tips for firmware and user-space daemons. Additionally, due to supervising a lot of theses in this area, we have a collection of example thesis about how to reverse engineer and fuzz such interfaces. We also have rooted up-to-date Android smartphones. For your own safety and security, these are designated research devices and not meant for private usage. When researching a new interface, it is common to uncover new vulnerabilities, which you will report within Google's vulnerability reward program or the OEM's program, and you might be rewarded a bug bounty. We also encourage and financially support you presenting your results at a scientific or security conference. Please contact us for more details and choosing a task that suits a thesis. A B.Sc. thesis would usually advance tooling for something previously reverse engineered (see [1]), and a M.Sc. thesis is about reverse-engineering an interface and developing tools (see [2]). The precise topic will be tailored to your previous experience. It is recommended to have a reverse-engineering background, e.g., previous participation in CTFs. Depending on the topic, either a strong programming background is required (develop an open-source tool for an Android interface) or a good understanding of software/hardware security is mandatory (fuzzing a protocol, implementing a firmware attack, …). We are currently getting many requests for this topic area. Please only contact us if you plan to start your thesis by February 2023 or later, or if you have sufficient background knowledge to work on a topic on your own (e.g., are already familiar with Android hacking and don't need an introduction). [1] ARIstoteles: iOS Baseband Interface Protocol Analysis [2] InternalBlue - A Bluetooth Experimentation Framework Based on Mobile Device Reverse Engineering [3] Teaching Your Wireless Card New Tricks: Smartphone Performance and Security Enhancements Through Wi-Fi Firmware Modifications.

2022 In progress

Exploring a Digital Intermediary for Smart Home Privacy Communications

Supervisor: Matthias Gazzari

...

2022 In progress

Bluetooth Security Analysis on Windows

Supervisor: Jiska Classen

Earliest start date: February 2023 In the past, we looked into multiple Bluetooth stacks: iOS [3], macOS [2], Linux, and Android. However, Windows is still a partially blind spot. What is there yet: A basic understanding of the Windows Bluetooth stack and existing debug tools to look into all packets. Reversing and documentation of the Windows Bluetooth stack. This is a great base to get started with Bluetooth security analysis and reverse engineering on Windows. There are multiple tasks that would be interesting, which ones you choose depend on your skill level and if you want to work on a BSc or a MSc thesis. Hook the Windows kernel with WinDBG to not only log packets but also inject and modify packets. Write a fuzzer for the Windows Bluetooth stack. Implement or simulate known attacks on Bluetooth stacks to analyze how they were patched. Integrate this knowledge about the Bluetooth stack into InternalBlue [1], a Bluetooth firmware experimentation framework. For further reference, see: [1] InternalBlue Project on GitHub, https://github.com/seemoo-lab/internalblue [2] B.Sc. Thesis about porting InternalBlue to macOS, https://github.com/seemoo-lab/internalblue/blob/master/doc/macos_bluetooth_stack_thesis_davide_toldo.pdf [3] M.Sc. Thesis about fuzzing Bluetooth on iOS, https://github.com/seemoo-lab/toothpicker/blob/master/assets/toothpicker_thesis.pdf

2022 Available now

Apple Security and Privacy Aspects

Supervisor: Jiska Classen Alexander Heinrich

Earliest start date: April 2023 Apple claims to manufacture the most secure smartphone. They implement many unique security and privacy features that cannot be found in other ecosystems. Outstanding and elaborated features are publicly described in their platform security guide, including high-level goals and underlying cryptographic primitives [1]. However, detailed documentation is missing. Often, iOS and macOS are assumed to be secure by design without questioning the underlying implementation. Within SEEMOO, proprietary features and interfaces were studied a lot. For example, we reverse-engineered Find My and AirDrop, which uncovered new security and privacy issues, and implemented the open-source clients OpenHaystack and OpenDrop. Moreover, we took a look at wireless interfaces and daemons, more specifically Bluetooth and the Intel cellular baseband, and published tools like the ToothPicker fuzzer and the ARIstoteles dissector. When analyzing a previously unexplored topic within Apple's ecosystem, it is likely to find security issues affecting more than a billion of users of the Apple ecosystem. Moreover, the knowledge gained during this process helps to open up proprietary interfaces and enable interaction with third-party devices. There are still a lot of open topics on all layers. The main expertise within SEEMOO are wireless protocols. However, you can also contact us if you want to look into other concepts, such as low-level hardware security (PAC, side channels, ...), biometric security (Face ID, ...), network security (Private Relay, fuzzing the network stack, ...), and more. Usually, picking a single feature and exploring it in depth will be sufficient for a B.Sc. or M.Sc. thesis. We offer experience within the Apple ecosystem and reverse-engineering tips for firmware, kernel, and user-space daemons, including the *OS Internals book series that documents iOS and macOS internals way beyond the official materials by Apple. Additionally, due to supervising a lot of theses in this area, we have a collection of example theses. We also have jailbroken iPhones and iPads, recent MacBooks, and other Apple devices. For your own safety and security, these are designated research devices and not meant for private usage. Note that we do not participate in the Apple research device program, meaning that you can set your own disclosure timeline when coordinating disclosure with Apple. In some cases, Apple might award you a bug bounty. We also encourage and financially support you presenting your results at a scientific or security conference. The precise topic will be tailored to your previous experience. It is recommended to have a reverse-engineering background, e.g., previous participation in CTFs. Depending on the topic, either a strong programming background is required (develop an open-source equivalent of one Apple feature) or a good understanding of software/hardware security is mandatory (fuzzing a protocol, implementing a hardware attack, ...). Please contact us for more details. We are currently getting many requests for this topic area. Please only contact us if you have a strong background in the previously mentioned areas. [1] Apple Platform Security, May 2021, https://manuals.info.apple.com/MANUALS/1000/MA1902/en_US/apple-platform-security-guide.pdf

2022 In progress

Power Usage Advisory System for eHUB Inhabitants

Supervisor: Frank Hessel Martin Pietsch

Within the research center emergenCITY, we investigate how ICT can be used to strengthen a cities resilience during crises, e.g. blackouts, instead of being another critical infrastructure which can fail. With our freshly renovated living lab eHUB, we want to learn how self-sustaining buildings, which generate a surplus of electrical energy on their own, can support this approach. The eHUB provides a PV system with a battery, ready for starting experiments with off-grid operation. What it still needs is an integrated Smart Home system which can learn from the inhabitants’ behavior and support them in managing their energy budget, and offer the surplus e.g. to neighbors, first responders, or other emergency relief activities. The house is currently equipped with a KNX-based system for controlling consumers and measuring energy production and consumption. Your task is to extend this system, so that it considers consumption and production, monitors activities within the house with their energy profile, includes external context information (e.g. to relate weather and expected power production), and interacts with the inhabitants. The interaction could happen for example by a (web) app, using wall-mounted displays or through a Smart Home Speaker/Hub developed in the project. We plan to use the interface for further experiments in the eHUB. Some of the skills that will be helpful for working on this topic are (you do not need to tick all boxes): UI, App or web design for creating a nice user interface No fear in working with hardware installations and embedded systems (e.g. Linux on Raspberry Pis, knowledge of KNX, MQTT, … is an advantage) Machine learning for creating predictive models Experience with user studies in case you want to use that as method for evaluation. This thesis will be supervised in cooperation with EINS.

Power Usage Advisory System for eHUB Inhabitants

2022 In progress

Deep Learning for CSI-based Keylogging Side Channel Attacks

Supervisor: Matthias Gazzari Jakob Link

...

2022 Completed

ECG-PPG A Comparison of Biometric Identification

Supervisor: Matthias Gazzari

With the rise of the IoT and the usage of mobile devices, the need for improved security for those devices becomes more critical. Beyond regular passwords several other forms of identification such as biometric identification, have been introduced. They can offer increased convenience and less vulnerability to spoofing attacks. Most common forms of applied biometric identification include iris, face and fingerprint scanners that see most use in smartphones. But there has been an increasing interested in methods that utilize physiological signals of the human body. electrocardiogram (ECG) and photoplethysmogram (PPG) are among them and are the main point of interest for this work. They come with inherent advantages like being difficult to reproduce and can not be forgotten like a password. Gathering records of the two signal types has become easier over the years and can now be performed with wearables like the Apple Watch. This opens new options for this field of research. My work focuses on analyzing and reimplementing existing approaches for ECG and PPG based biometric identification systems and comparing them to deduct similarities, differences, strengths and weaknesses. To achieve this two convolutional neural network (CNN) based ECG implementations and one PPG implementation that utilizes handcrafted feature extraction were adapted to work on a shared dataset that contain synchronized ECG & PPG data from the private SAPE and the public BIDMC database. This database was then used for evaluation of the systems. In addition commonly used biometric methods and databases were analyzed to aid in the final evaluation. High rates of accuracy were reached and compared to literature that utilized similar datasets.

2022 In progress

Repurposing Wi-Fi Chips as Software-defined Radio Receivers

Supervisor: Jakob Link

Broadcom FullMac Wi-Fi Chips offer the possibility to configure its internals such that IQ samples can be fetched at several stages in the RX chain. This opens up the opportunity to repurpose those Wi-Fi Chips as Software-defined Receivers. As the firmare is proprietary and the configuration is non-trivial, reverse engineering of the underlying processes are required. In this thesis, we try to better understand the possible configuration options, tackle bottlenecks like memory and bus bandwidth restrictions, and create a tool that abstracts the SDR RX feature to end-users. You should have experience with C, Reverse Egineering and interest in hardware features of RF receiver chains.

2022 In progress

ePaper Bulletin Boards to Inform Citizens During Crises

Supervisor: Frank Hessel

2021 Completed

Handwriting Recognition using IMU and EMG Sensor Data

Supervisor: Matthias Gazzari

With the rise of wrist-worn devices like smartwatches and fitness trackers and the integration of Inertial Measurement Unit (IMU) sensors questions about the privacy impact of their recorded data arise which often gets little attention in privacy considerations. Worn on the wrist one possible impact is a possible eavesdropper inferring the handwriting done by the wearer of the device using the collected IMU data. Another use case is the deliberate digitizing of handwriting by users wearing such devices. In this case it is also feasible for the user to wear an additional device to improve the digitizing. In this thesis we investigate both the possible privacy impact and the possibilities for a deliberate digitizing of handwriting done on paper based on IMU sensor data recorded on a smartwatch. Furthermore, we collect Electromyography (EMG) sensor data using an armlet worn on the lower arm to analyze if the original recognition results can be improved utilizing these data. We design and conduct a data study aimed at mirroring everyday circumstances using an Apple Watch and a Thalmic Myo armlet to record the necessary data. Additionally, the original handwriting of the study participants is digitized by writing on paper on top of a Wacom Bamboo Slate tablet. We use the recorded continuous streams of IMU and EMG data to classify the written letters using the 1-Nearest Neighbor (1NN) algorithm in combination with the Dynamic Time Warping (DTW) algorithm. Our model achieves widely varying results depending on the writer and an overall accuracy of 0.28. Very low accuracies for the classification based on EMG data prevent us from evaluating possible improvements when combining both data types. Our findings suggest that the recognition depends on the writing style of the individual user and more research is required to make the handwriting recognition based on IMU or EMG data applicable to writing in everyday life.

2021 Available now

Software Defined Wireless Networks

Supervisor: Bastian Bloessl

I work a lot with Software Defined Radio, in particular GNU Radio. Talk to me, if you are interested in: Implementing or testing a standard or proprietary technology. Real-time signal processing (e.g., scheduling or benchmarking). Hardware acceleration (SIMD, FPGA, or GPU). Distributed signal processing. If you are excited about one of these topics, we can come up with a Bachelor or Master thesis that matches your interest.

2021 Completed

3D Positioning and Posture detection using iOS

Supervisor: Arash Asadi

Modern smartphones contain many sensors and frameworks that can capture the surrounding world.Capable mobile processors, machine learning and frameworks allow us to capture the pose of a human with very little extra work. We are looking for a student that wants to work with augmented reality and extend the posture detection system in iOS with a 3D positioning system. The software may combine multiple iPhones at different locations to enhance tracking. In the end, such a system allows to quickly create dataset necessary for WiFi sensing, create interactive games and more. A small introduction to the available frameworks has been given on WWDC 2020. Starting at minute 13 the video shows what is already possible today. https://developer.apple.com/videos/play/wwdc2020/10653/

2021 Available now

Preserving Privacy against WiFi Sensing

Supervisor: Matthias Gazzari

Electrocardiogram (ECG) biometrics is a steadily growing and increasingly popular field of research. In this work, we propose a novel attack scenario in which we train a generative model to uncover and spoof the ECG of a victim by merely observing another cardiovascular signal of the victim: their photoplethysmogram (PPG). For the model, we propose a conditional generative adversarial network (cGAN) with a U-Net style generator and least-squares loss. Since current training datasets do not fall into the off-the-person category, we additionally collect a custom dataset of synchronized PPG and ECG measurements. It features 33 recordings by 31 participants with a median age of 28. We evaluate the model against a baseline by Zhu et al. Our model has a lead over the baseline with a mean relative root-mean-square error (rRMSE) of 0.47 vs. 0.49 on the TBME-RR dataset but lacks behind on our own dataset with a mean rRMSE of 0.61 vs. 0.55. The evaluation demonstrates that the cGAN is able to properly recreate the overall characteristics and noise of the ground truth. In the proposed attack scenario, the model yields an overall success rate of up to 26 % against a neural-network-based authentication system.

2020 Completed

Low-Latency Flooding in IEEE 802.11g Networks through Concurrent Broadcasting with Wireless Synchronization using WARP Software-Defined Radios

Supervisor: Robin Klose

2020 Completed

Keylogging Side-Channel Attacks on Bluetooth Timestamps: A Timing Analysis of Keystrokes on Apple Magic Keyboards

Supervisor: Matthias Gazzari Jiska Classen

In the past several timing attacks have been applied to recover sensitive input on keyboards. If these kind of attacks could be migrated to the wireless communication of keyboards, this would make the use of wireless keyboards less secure. In this thesis we apply a timing attack on the Bluetooth communication of the Apple Magic Keyboard by recording the time between consecutive Bluetooth packets and recover the typing with a Hidden Markov Model (HMM). With this attack we are able to shrink the search space of random passwords by a factor of 5 to 10, which considerably speeds up exhaustive search.

2020 Completed

The Latency--Throughput Tradeoff of GPP-based SDRs

Supervisor: Bastian Bloessl

2020 Completed

GNU Radio Runtime Performance Evaluation

Supervisor: Bastian Bloessl

2020 Completed

Supervisor: Lars Almon Jiska Classen

Intercom security analysis.

2019 In progress

Bluetooth Entropy

Supervisor: Jiska Classen

2019 In progress

Bluetooth Controller Emulation and Fuzzing

Supervisor: Jiska Classen

2019 Completed

PrivacyGraph – A Holistic View of the Online Tracking Ecosystem

Supervisor: Max Maass

.

2019 Completed

Applicability of Penetration Testing Guides for the Internet of Things

Supervisor: Max Maass

2019 Completed

2018 Completed

Combining WiFi, Bluetooth and BLE: Limitations and synergy effects of using Google Nearby Connections 2.0

Supervisor: Lars Almon

Now most of the smartphones are equipped with different wireless interfaces namely Wi-Fi, Bluetooth, BLE, Ad-hoc Wi-Fi, and NFC. These different interfaces have different weaknesses and strengths. Bluetooth is suited for low bandwidth and short-range communication. Bluetooth Low Energy(BLE) on the other hand is aimed at devices which have limited power supply and need to transfer data in short intervals. Wi-Fi is well suited for high bandwidth, low-latency communication with increased ranges. By utilizing the combination of these interfaces, we can enhance the performance of offline peer-to-peer connectivity. The number of devices using the Internet is growing at a rapid rate, creating traffic congestion especially by using multimedia services. we can offload and distribute this traffic using high performance peer-to-peer connectivity. With the growing need of Infrastructureless network in the remote or disaster-stricken area, better device-to-device communication could prove to be life-saving. Nearby Connections 2.0 is the new offline peer-to-peer, high bandwidth low latency API from Google. It uses a combination of Wi-Fi Direct, BLE and Bluetooth to create reliable and fast connections. In this thesis, we evaluate Nearby Connections against all three interfaces it uses. We execute 4 experiments with different network parameters to analyze the limitations and benefits of using Nearby Connections. By varying different parameters we maximize the performance of each interface to observe the behavior of Nearby Connections. Our evaluation results indicate that this is in fact not the case with Nearby Connections. It does not adjust itself to get the best out of underlying interfaces. We show the limitations of Nearby Connections API. However, it performed better than both Bluetooth and BLE but against Wi-Fi Direct it performed way below the par.

2018 Completed

Supervisor: Dingwen Yuan

2018 Completed

Learning the Beams: Applying Evolution Algorithms for Optimized IEEE 802.11 ad Beamtraining

Supervisor: Daniel Steinmetzer

2018 Completed

Supervisor: Matthias Schulz

2018 Completed

Processing and evaluation of the smarter field test about delay-tolerant networks in the event of an disaster

Supervisor: Lars Almon

This thesis is about the processing and evaluation of the data generated by the Smartphone-based Communication Networks for Emergency Response (smarter) project. The smarter project is a research project that investigates the use of Delay Tolerant Networks (DTNs) as a method of communication for the civil population during a disaster situation. During this thesis the recorded data is transferred into a format readable by the simulator The Opportunistic Network Environment Simulator (The ONE), so that the field experiment can be repeated as often as required. This makes it possible to easily compare the data with that of other projects or to combine it with data genera ted by the simulator. The thesis also highlights some difficulties that may occure during the analysis and execution of field experiments.

2018 Completed

Performance Comparision of Packet Schemes for Mutually Hidden Messages

Supervisor: Max Maass

2018

Separation of Channel Coefficients with Deep Neural Networks

Supervisor: Robin Klose

Motivation The separation of channel coefficients is a time-consuming operation. In this thesis project, we are going to explore the suitability of deep neural networks (DNNs) to speed up a specific PHY-related optimization task Goal The goal of this project is to explore the suitability of DNNs to separate channel coefficients. The project main goals are: Research the literature about uses of DNNs in other optimization problems Explore suitable DNN configurations for the envisioned task Evaluate the DNN's performance in terms of accuracy and speed

2018 Completed

Analyzing Vulnerability and Privacy Data from the PrivacyScore platform

Supervisor: Max Maass

Motivation Every day new cyber security vulnerabilities are discovered and reported, which indicate weak security standards adapted by websites. The main aim of a hacker is to steal sensitive information by exploiting these vulnerabilities. The information and data compromised can be very costly and damaging for an organization. Hence, due to ever evolving tactics of the hackers and the changing cyber threat landscape, it is very important for an organization to be aware of the security vulnerabilities. Until now, most of the work which is done allows to discover the vulnerabilities in web applications and anticipate the vulnerabilities exploits. Different techniques are used in this regard, including machine learning, evaluating inter-module relationships, and application of data analytics. All of these approaches have a common goal, which is to discover existing and new vulnerabilities and predict them for future. Some solutions consider evaluating the application code by performing static or dynamic analysis and finding vulnerabilities. However, a very critical question in this whole scenario arises, as to what we can do after a vulnerability is discovered? How to find similar vulnerabilities in the system and share this information with others for proactive resolution of the vulnerabilities? In this regard, data analysis of security vulnerabilities can provide a wealth of information. It can provide efficient vulnerability assessment by analyzing the existing vulnerability data

2018 Completed

Privacy als Wettbewerbsfaktor? Analyse der Reaktionen von Unternehmen auf Privacy-Score-Bewertungen

Supervisor: Max Maass

2018 Completed

NEAT-TCP: Generation of TCP Congestion Control through Neuroevolution of Augmenting Topologies for Wireless Multi-Hop Networks

Supervisor: Robin Klose

Motivation TCP performance in wireless multi-hop networks (WMNs) is hard to achieve due to losses on the wireless channel, interferences and limited resources at individual nodes. Recent research has proposed a simple neural network (NN) structure with one input layer, two hidden layers, and one output layer that efficiently applies congestion control and that results in significant performance improvements compared to conventional TCP variants [1]. Further, NeuroEvolution of Augmenting Topologies (NEAT) is a method based on evolutionary algorithms that can outperform fixed-topology NNs in reinforcement learning tasks. We expect that NEAT may improve the performance of manually crafted NNs like iTCP even further. Goal The goal of this project is to assess the ability of NEAT to further improve the performance of an iTCP-based congestion control algorithm in the context of WMNs. The project main goals are: Implement iTCP in a network simulation environment (ns-3) Use NEAT to generate a modified NN structure for congestion control Compare the performance of the modified congestion control to the initial iTCP-based version [1] A. B. M. Alim Al Islam and Vijay Raghunathan, “iTCP: an intelligent TCP with neural network based end-to-end congestion control for ad-hoc multi-hop wireless mesh networks”, Wireless Networks, Volume 21, Issue 2, pp. 581–610, February 2015. doi: 10.1007/s11276-014-0799-6 [2] Kenneth O. Stanley and Risto Miikkulainen, “Evolving Neural Networks through Augmenting Topologies”, Evolutionary Computation 10:2, pp. 99-127, MIT Press, 2002. doi: 10.1162/106365602320169811

2018 Completed

Self-Replicating Malware for Wi-Fi Chips

Supervisor: Matthias Schulz

2017 Completed

Understanding the Apple Auto Unlock Protocol

Supervisor: Milan Stute

Description Abstract of final thesis: The Apple Watch provides the ability to automatically unlock a device running macOS when in proximity. The underlying proprietary protocol is called Auto Unlock (AU) and differs from other smart locking techniques. It uses a combination of two wireless technologies: Bluetooth Low Energy (BLE) and IEEE 802.11, to facilitate secure proximity detection. In this work we analyze the protocol by using reverse engineering and dynamic debugging. We show that AU uses both standardized protocols as well as proprietary techniques to implement a secure distance bounding protocol. With this knowledge, we discuss attack vectors and conduct a successful Man-in-the-Middle (MitM) attack on the protocol. Furthermore, we provide a starting point to allow implementations on other platforms by specifying the protocol and establish the foundation for further attacks.

2017 Completed

Investigating practical man-in-the-middle network attacks on IEEE 802.11 ad

Supervisor: Daniel Steinmetzer

2017 Completed

Wi-Fi based Covert Channels on Android Smartphones

Supervisor: Matthias Schulz

2017 Completed

Evaluation of Latency Reduction Techniques for 5th Generation Mobile Network

Supervisor: Arash Asadi

Supervisor: Daniel Steinmetzer Milan Stute

2017 Completed

Secure localization and distance bounding with IEEE 802.11

Supervisor: Matthias Schulz

2017 Completed

Modification of LTE firmwares on Smartphones

2017 Completed

Implementation of a Contextual Framework for Secure Device Pairing Methods on Android

Supervisor: Mikhail Fomichev

Motivation With the proliferation of numerous personal gadgets and smart devices, device pairing has become prominent in introducing security to such a diverse environment. Clearly, the process of secure device pairing is much more ambiguous than previously thought. This stems from the fact that there is no coherent vision of the pairing problem among the research community. To this end, we see that there is a plethora of various pairing protocols that have been proposed many of which are insecure or fail to work in practice. Clearly, there is no single winner in a device pairing race. Goal Correspondingly, one solution to such a problem is to support several pairing methods. However, from a user prospective this may create an additional burden. On top of that, some pairing protocols may be less appropriate security‐wise in certain scenarios. For instance, if a paring method relies on audio but is used in a noisy environment, this creates an additional attack vector or causes reliability issues. Another example are visual paring techniques used in a public place, which can be subject to shoulder surfing. Overall, in this thesis you will research which contextual information that can be gathered by a modern smartphone can augment in secure device pairing. We already have a working Android implementation which performs different methods of device pairing. More specifically, your task is to identify which factors can be potentially hazardous or beneficial for a certain pairing method in a particular scenario. The context that we are going to incorporate includes both the environmental information as well as the user input (feedback, preferences, etc.). Hence, you'll take measurements on the smartphone to rate the environmental information, and perform a small user study (20-30 users) on the device pairing usability.

2017 Completed

Design, Implementation and Evaluation of a Privacy-preserving Framework for Trust Inference on Android

Supervisor: Mikhail Fomichev

2017 Completed

Nexman-based Wireless Penetration Testing Suite for Android

Supervisor: Matthias Schulz

2017 Completed

Design, Implementation and Evaluation of Realistic Scenarios and Movement Models for Natural Disasters Using Simulations for Delay Tolerant Networks

Supervisor: Milan Stute Max Maass

Description Seeing the continuous increase in natural disasters around the world, many people are contemplating how to contribute helping those in need. Among them are several computer scientists who fulfil their share by developing technology which enables fast and reliable communication in disaster areas. We were inspired by their work and thus wanted to further improve the state-of-the-art. DTN is a specific technology which can be used for the creation of alternative networks in disaster areas, where conventional ones are unavailable due to the inevitable destructions implied by the disaster. Given that such technology is usually evaluated within network simulators we exclusively focus on improving the state-of-the-art of movement models and scenarios utilized within such simulators. The very random driven, and thus not realistic, state-of-the-art is improved by our contribution in the form of a fully designed, implemented, and evaluated realistic natural disaster movement model with underlying scenarios. The results of our evaluation indicate that previously published results might be too optimistic. Thus, further approximations to reality are inevitable for more accurate simulation of DTN, in the goal to ultimately obtain better and more realistic results.

2017 Completed

TETRA Security Analysis by Fuzzing

Supervisor: Jiska Classen

2017 Completed

2016 Completed

Secure Context Migration between IEEE 802.11 Networks

Supervisor: Marc Werner

Energy efficient WiFi analysis framework on smartphones

Supervisor: Milan Stute

2016 Completed

Unified Multi-modal Secure Device Pairing for Infrastructure and Ad-hoc Networks Bachelor Thesis

Supervisor: Daniel Steinmetzer

Motivation Todays technologies heavily rely on wireless communications. Our mobile devices connect to infrastructure devices such as wireless routers, perform ad-hoc connections among each other and connect to peripheral devices such as smart watches, fitness tracker and headsets. However, since security is essential in most application scenarios, authentication is a big challenge. To join a wireless network pre-shared credentials are required. Pairing in proximity via bluetooth requires the same pin to be entered on both devices. This proceeding is inconvenient and differs for different kinds of devices. Although, user-friendly and secure pairing mechanisms utilizing multi-modal technologies are proposed, no unified solution exists, yet. Goal In this thesis you elaborate different kind of pairing mechanism and analyze their security regarding various attacks. You design a unified multi-modal pairing protocol and implement a prototype on Android. Your protocol combines pairing strategies over different communication technologies (e.g. WiFi, Bluetooth, NFC, sound, light) and selects a suitable subset matching the devices capabilities. Since some strategies are easier to intercept than others, your protocol attests the paring procedure for retrospective trust estimation in application context. With your proposal we show that a unified multi-modal paring is feasible for both infrastructure and ad-hoc networks with flexible security requirements.

2016 Completed

Unified Multi-Modal Device Pairing in Infrastructure and Ad-hoc networks

Supervisor: Daniel Steinmetzer

2016 Completed

A Systemfor Privacy-Preserving Mobile Health and Fitness Data Sharing: Design, Implementation and Evaluation

2016 Completed

Reverse Engineering Apple's Multipeer Connectivity Framework and Implementation on the Android platform

Supervisor: Matthias Schulz

2016 Completed

Enabling Seamless Transitions betweegn Cyrptographically Secured

Supervisor: Marc Werner

2016 Completed

TETRA Fuzzing

Supervisor: Jiska Classen

2016 Completed

Location Privacy of Digital Trunked Radio

Supervisor: Jiska Classen Robin Klose

Securing Efficient Network Flooding and Time Synchronization for Ultra-Low Latency Communication in Wireless Sensor Networks

2015 Completed

Design and Implementation of lichtweight attestation for embedded systems

2015 Completed

Intrusion Detection using Data Mining

2015 Completed

Audio-based Covert Channels on Smartphones

2015 Completed

Wireless Eavesdropping and Pocket Injection in Ethernet Networks

Supervisor: Matthias Schulz

2015 Completed

Secure Transitions

Supervisor: Marc Werner

Let's go WARP: Integrating the Click Modular Router and the Wireless Open-Access Research Platform

Supervisor: Matthias Schulz

2014 Completed

Delay-tolerant routing for emergency networks

Supervisor: Michael Noisternig

2014 Completed

Signal Pre-Processing in a Physical Layer Based Key Management System for Wireless Communications

2014 Completed

Statistically analysing the Impact of

Supervisor: Michael Riecker

2014 Completed

2013 Completed

Design, Implementation and Evaluation of Incentive Schemes for Mobile Sensing Applications

Supervisor: Delphine Christin, Jun.-Prof. Dr-Ing.

2013 Completed

Physical layer path signatures for wireless multihop networks

2013 Completed

Improving of the detection mechanism of an open-source intrusion detection system

Supervisor: Rodrigo do Carmo

2013 Completed

Practical Physical Layer Security in MIMO Systems using Software Defined Radios

2013 Completed

Implementation of a cross-layer technique for an OFDM-based Wiresell Mesh Network

2013 Completed

2010 Completed

Fine-gained Access Control Enabling Privacy Support in Participatory Sensing

Supervisor: Delphine Christin, Jun.-Prof. Dr-Ing.