No results match your search criteria.
2022
Completed
SpyFi: Deep Learning for CSI-based Keylogging Side Channel Attacks
Supervisor:
Matthias Gazzari
Jakob Link
Spying on what is typed on a keyboard with Wi-Fi signals sounds scary but might not be as far from reality as suspected. Wi-Fi-enabled devices constantly measure the communication channel conditions represented with Channel State Information (CSI). Finger and hand movements alter the wireless signal propagation characteristic and cause changes in the CSI over time. Prior work proves it is possible to correlate the patterns in a CSI time series to the motion of keys pressed on a keyboard. This leaking information from Wi-Fi signal distortions can be exploited in a side-channel keylogging attack.
Typing is a prevalent activity when it comes to working with computers on a regular basis. Considering that what we type reveals not only private messages like emails or notes but also highly sensitive data such as passwords or banking information, this leaves a frightening prospect.
In this thesis, we practically explore the potential threat of side-channel keylogging attacks with CSI by implementing and comparing the conventional method found in related work to deep learning-based approaches to infer keystrokes. Motivated by the fact that the use of deep learning models promises less effort in pre-processing and feature extraction, we apply deep learning approaches for the first time for CSI-based keylogging
and extend the knowledge about the applications of Deep Neural Networks (DNNs).
We create a dataset worth more than 24 hours of recording time with a controlled experimental setup to empirically evaluate the performance of the implemented keyloggers. Our results indicate the difficulties and limitations our keylogging models face, which renders keylogging attacks with Wi-Fi signals rather cumbersome for real-world attackers.
2022
Completed
Machine Learning Aided Penetration Testing: Concept of a Penetration Testing Automation Environment
Supervisor:
Matthias Gazzari
Network penetration testing involves experienced techniques that require consideration of environment specific parameters and planning of conduct. Penetration testers should focus on novel vulnerabilities and spend their attention to interrelations regarding possible threats and risks to not lose time on repeating tasks. Reinforcement Learning (RL) is the key approach to make autonomous penetration testing practically applicable inside real-world computer networks. The literature describes attack path generation with a priori knowledge about the environment, simulation-only approaches without applicability to real-world computer networks or emulation-only approaches with no RL integration. This thesis optimizes, trains and evaluates RL agents for four benchmark scenarios with increasing size, complexity and heterogeneity of hosts, and a Proof of Concept (PoC) demonstrates the transferability of a simulation environment into an emulation environment. Creating a realistic emulation environment in which RL agents can apply their learned knowledge from the fast simulation environment allows delegation of repeatable tasks to the learned agent and let penetration testers focus on novel and individual aspects of the target network.
2023
In progress
Limits of Thermal Camera Keylogging Side-Channel Attacks
Supervisor:
Matthias Gazzari
...
2023
Available from: April 2024
Protection mechanisms against unwanted tracking/stalking
Supervisor:
Alexander Heinrich
The release of more Bluetooth item finders and key finders that use a vast finder network increased the risk for stalking and location tracking on people increases. Especially the Apple AirTag and Samsung SmartTag are dangerous devices since the manufacturers updated all their Smartphones to find and report these devices. We study the prevalence of this issue and try to create applications, algorithms, and datasets to help users identify trackers and disable them.
With AirGuard, we created the first automatic tracking detection against AirTags for Android. Our project is open-source, and we continue to develop it to support other devices.
If you are interested in tracking protection mechanisms innovative ways to identify all kinds of trackers and want to create software used by thousands of users, please reach out.
Contact:
Alexander Heinrich
aheinrich@seemoo.tu-darmstadt.de
Links:
https://github.com/seemoo-lab/AirGuard
https://play.google.com/store/apps/details?id=de.seemoo.at_tracking_detection.release
2023
In progress
Detect Sensitive Activity to Protect Users of Wearables
Supervisor:
Matthias Gazzari
...
2023
In progress
Fingerprinting Environments With Gas Sensors
Supervisor:
Matthias Gazzari
...
2023
Assorted Hardware Security Topics
Supervisor:
Davide Toldo
I offer supervision mostly of hardware-based offensive security topics. Assist me and my team in getting access to the firmware of embedded systems, bypass security mechanisms and reverse engineer cutting-edge devices.
Topics (can) involve building custom hardware (target boards, tools, experimental setups), reverse engineering firmware and more.
Contact me if this sounds interesting to you. Experience with hardware (electronics, microcontrollers, circuit boards) is recommended.
2023
Available now
Reverse Engineering Broadcom's Vector Application Specific Processor (VASIP)
Supervisor:
Jakob Link
Selected Broadcom Wi-Fi SoCs feature a Vector Application Specific Processor (VASIP). A brief description of its application areas can be found in the following patent: Inter-radio communications for scheduling or allocating time-varying frequency resources.
The processor might be used to mitigate interference, support MU-MIMO operation, or in general help with computational complex tasks correlated to signal processing. Understanding VASIPs functionalities and capabilities, paired with its positioning near the radio front-end, can open up a new practical platform for researchers with a large area of applications in the wireless field on real end-user devices.
To gain more insight into this type of processor we offer several thesis topics, ranging from analyzing its default functionalities up to reverse engineering its instruction set.
You should be comfortable with the C-language, digging in the unknown, signal processing, and improving your skill-set. Be aware that depending on the sub-topic this might be a heavy task.
2023
In progress
PicoWSDR: Low-cost Software-Defined Radio Receiver
Supervisor:
Jakob Link
Raspberry Pi's Pico W microcontroller board comes with a Broadcom / Infineon Wi-Fi SoC (CYW43439). The combination of the two offers a possibility to create a low-budget, but powerful, software-defined radio receiver.
This work involves low-level programming, debugging and reverse engineering. You should be familiar with or ready to deep dive into microcontroller programming, the programming language C, firmware reverse engineering and patching. An understanding of radio frequency receiver architecture and signal processing is helpful.
2023
In progress
Power Characterization of Acoustic Communication and Other Wireless Ad-Hoc Communication Technologies for Smartphones and the Internet of Things
Supervisor:
Florentin Putz
...
2023
In progress
Measuring Acoustic Communication Schemes
Supervisor:
Florentin Putz
...
2023
Completed
Machine Learning Based Data Rate Optimization for Mobile LoRaWAN Sensors
Supervisor:
Luis Alves
Frank Hessel
Adaptive Data Rate is a feature of LoRaWAN that allows to optimize the network performance by adjusting the data rate of end devices based on their current channel conditions. Current approaches to ADR optimization algorithms focus on static or low-mobile end devices, and the specification recommends to disable ADR for mobile devices, e.g. location trackers. To let these devices also benefit from ADR adjustments, this thesis suggests to implement a predictive ADR algorithm based on deep reinforcement learning. The algorithm is evaluated on a real-world data set captured in the city of Darmstadt.
2023
In progress
Automated Surveillance Recognition in Smart Environments
Supervisor:
Matthias Gazzari
Frank Hessel
This topic is about implementing various models to recognize the presence of as many smart things as possible based on sensor or other time series data. The goal of this topic is to compare and evaluate these models against each other in certain settings like in a smart home environment.
2023
Completed
Continuous Fuzzing Integration Into State of the Art Development Processes for Improved Software Security
Supervisor:
David Noel Breuer
...
2023
Available now
Acoustic Communication: Ubiquitous ad-hoc communication?
Supervisor:
Florentin Putz
I offer challenging topics on all aspects of the acoustic physical layer, which allows smartphones to use their integrated audio hardware for aerial communication, similar to wireless radio communication. The main use case is short-range communication, e.g., for pairing.The advantage: We can implement custom physical layers without expensive SDRs.
Contact me if you have any research ideas on this topic. Strong experience with signal processing is required.
2023
Available now
Security and Resilience of 6G/Open RAN
Supervisor:
Leon Würsching
A resilient 6G system must be prepared for different failure scenarios to absorb incidents up to a certain level. The Open RAN standard [1] proposes to split the RAN into multiple units, exposing new potential points of failure and increasing the overall attack surface of the RAN.
I offer Bachelor's and Master's theses exploring a given part of the 6G/Open RAN system and investigating aspects related to its security and resilience.
For example, I am looking for students interested in one of the following:
penetration-testing a component
security analysis of a network protocol
resilience analysis of infrastructure in a disaster scenario
mathematically modeling requirements for a system to survive specific scenarios
...
Don't worry if your favorite method is not mentioned here. There is an indefinite number of aspects to investigate in the 6G system. Let me know what you would like to do (reverse engineering, fuzzing, stochastics, conducting a user study?), and we will see if there is a way.
While it can be a bonus, knowing how mobile networks work is optional. You can still learn everything relevant as a part of your thesis.
Don't hesitate to contact me if you are interested in a security/resilience-related thesis in the 6G/Open RAN field!
[1] https://www.o-ran.org
2023
In progress
Limits of CSI-based keylogging on 10-digit number pads
Supervisor:
Matthias Gazzari
Jakob Link
...
2022
In progress
Security of GPS Trackers (M.Sc.)
Supervisor:
Alexander Heinrich
Earliest start date: End of January 23
Item trackers become more and more famous. The Apple AirTag, Samsung SmartTag, and Tile are low-cost BLE-based trackers that are used to find your belongings. The accuracy of the location of devices is based on their offline-finding networks. When a dog runs away into the forest, these trackers have a hard time getting the location of the dog.
On the contrary, GPS trackers that use LoRaWan or a cellular connection have the ability to fetch the current location quickly and very accurately. Several manufacturers offer such services, and they compete against low-cost Bluetooth-based devices. Since they work with high-sensitive private data, the IT-Security of these services should have very high standards.
Your task will be to assess the security of several GPS trackers by analyzing their apps/websites to access the location of your trackers. All security issues found need to be reported following a responsible disclosure.
Language can be German or English.
Contact:
Alexander Heinrich
2022
In progress
Android Wireless Subsystem Security
Supervisor:
Jiska Classen
Earliest start date: February 2023
Wireless interfaces are an attack surface for zero-click remote code execution vulnerabilities. Typically, an attacker would try to find a parsing issue within a wireless chip or in a low-level wireless stack component within the operating system, and then escalate further. Thus, it is of importance to research these interfaces.
Android is available for many platforms with different hardware. Vendors add custom hardware adaption layers for compatibility with Android. However, these interfacing layers are vendor-specific and proprietary. Detailed knowledge about interfaces between components enables security research [1] and building tooling to customize wireless chips and stacks [2, 3]. Due to the proprietary nature of these interfaces, many of them remain undocumented. We have a couple of yet to be researched wireless interfaces, as well as researched interfaces that would profit from developing better tooling.
We offer experience within the Google ecosystem as well as OEMs (Samsung, etc.), including reverse-engineering tips for firmware and user-space daemons. Additionally, due to supervising a lot of theses in this area, we have a collection of example thesis about how to reverse engineer and fuzz such interfaces. We also have rooted up-to-date Android smartphones. For your own safety and security, these are designated research devices and not meant for private usage. When researching a new interface, it is common to uncover new vulnerabilities, which you will report within Google's vulnerability reward program or the OEM's program, and you might be rewarded a bug bounty. We also encourage and financially support you presenting your results at a scientific or security conference.
Please contact us for more details and choosing a task that suits a thesis. A B.Sc. thesis would usually advance tooling for something previously reverse engineered (see [1]), and a M.Sc. thesis is about reverse-engineering an interface and developing tools (see [2]). The precise topic will be tailored to your previous experience. It is recommended to have a reverse-engineering background, e.g., previous participation in CTFs. Depending on the topic, either a strong programming background is required (develop an open-source tool for an Android interface) or a good understanding of software/hardware security is mandatory (fuzzing a protocol, implementing a firmware attack, …).
We are currently getting many requests for this topic area. Please only contact us if you plan to start your thesis by February 2023 or later, or if you have sufficient background knowledge to work on a topic on your own (e.g., are already familiar with Android hacking and don't need an introduction).
[1] ARIstoteles: iOS Baseband Interface Protocol Analysis
[2] InternalBlue - A Bluetooth Experimentation Framework Based on Mobile Device Reverse Engineering
[3] Teaching Your Wireless Card New Tricks: Smartphone Performance and Security Enhancements Through Wi-Fi Firmware Modifications.
2022
In progress
Exploring a Digital Intermediary for Smart Home Privacy Communications
Supervisor:
Matthias Gazzari
...
2022
In progress
Bluetooth Security Analysis on Windows
Supervisor:
Jiska Classen
Earliest start date: February 2023
In the past, we looked into multiple Bluetooth stacks: iOS [3], macOS [2], Linux, and Android. However, Windows is still a partially blind spot.
What is there yet:
A basic understanding of the Windows Bluetooth stack and existing debug tools to look into all packets.
Reversing and documentation of the Windows Bluetooth stack.
This is a great base to get started with Bluetooth security analysis and reverse engineering on Windows. There are multiple tasks that would be interesting, which ones you choose depend on your skill level and if you want to work on a BSc or a MSc thesis.
Hook the Windows kernel with WinDBG to not only log packets but also inject and modify packets.
Write a fuzzer for the Windows Bluetooth stack.
Implement or simulate known attacks on Bluetooth stacks to analyze how they were patched.
Integrate this knowledge about the Bluetooth stack into InternalBlue [1], a Bluetooth firmware experimentation framework.
For further reference, see:
[1] InternalBlue Project on GitHub, https://github.com/seemoo-lab/internalblue
[2] B.Sc. Thesis about porting InternalBlue to macOS, https://github.com/seemoo-lab/internalblue/blob/master/doc/macos_bluetooth_stack_thesis_davide_toldo.pdf
[3] M.Sc. Thesis about fuzzing Bluetooth on iOS, https://github.com/seemoo-lab/toothpicker/blob/master/assets/toothpicker_thesis.pdf
2022
Available from: April 2024
Apple Security and Privacy Aspects
Supervisor:
Alexander Heinrich
Earliest start date: October 2023
Apple claims to manufacture the most secure smartphone. They implement many unique security and privacy features that cannot be found in other ecosystems. Outstanding and elaborated features are publicly described in their platform security guide, including high-level goals and underlying cryptographic primitives [1]. However, detailed documentation is missing. Often, iOS and macOS are assumed to be secure by design without questioning the underlying implementation.
Within SEEMOO, proprietary features and interfaces were studied a lot. For example, we reverse-engineered Find My and AirDrop, which uncovered new security and privacy issues, and implemented the open-source clients OpenHaystack and OpenDrop. Moreover, we took a look at wireless interfaces and daemons, more specifically Bluetooth and the Intel cellular baseband, and published tools like the ToothPicker fuzzer and the ARIstoteles dissector.
When analyzing a previously unexplored topic within Apple's ecosystem, it is likely to find security issues affecting more than a billion of users of the Apple ecosystem. Moreover, the knowledge gained during this process helps to open up proprietary interfaces and enable interaction with third-party devices. There are still a lot of open topics on all layers. The main expertise within SEEMOO are wireless protocols. However, you can also contact us if you want to look into other concepts, such as low-level hardware security (PAC, side channels, ...), biometric security (Face ID, ...), network security (Private Relay, fuzzing the network stack, ...), and more. Usually, picking a single feature and exploring it in depth will be sufficient for a B.Sc. or M.Sc. thesis.
We offer experience within the Apple ecosystem and reverse-engineering tips for firmware, kernel, and user-space daemons, including the *OS Internals book series that documents iOS and macOS internals way beyond the official materials by Apple. Additionally, due to supervising a lot of theses in this area, we have a collection of example theses. We also have jailbroken iPhones and iPads, recent MacBooks, and other Apple devices. For your own safety and security, these are designated research devices and not meant for private usage. Note that we do not participate in the Apple research device program, meaning that you can set your own disclosure timeline when coordinating disclosure with Apple. In some cases, Apple might award you a bug bounty. We also encourage and financially support you presenting your results at a scientific or security conference.
The precise topic will be tailored to your previous experience. It is recommended to have a reverse-engineering background, e.g., previous participation in CTFs. Depending on the topic, either a strong programming background is required (develop an open-source equivalent of one Apple feature) or a good understanding of software/hardware security is mandatory (fuzzing a protocol, implementing a hardware attack, ...). Please contact us for more details.
We are currently getting many requests for this topic area. Please only contact us if you have a strong background in the previously mentioned areas.
[1] Apple Platform Security, May 2021, https://manuals.info.apple.com/MANUALS/1000/MA1902/en_US/apple-platform-security-guide.pdf
2022
In progress
Power Usage Advisory System for eHUB Inhabitants
Supervisor:
Frank Hessel
Martin Pietsch
Within the research center emergenCITY, we investigate how ICT can be used to strengthen a cities resilience during crises, e.g. blackouts, instead of being another critical infrastructure which can fail. With our freshly renovated living lab eHUB, we want to learn how self-sustaining buildings, which generate a surplus of electrical energy on their own, can support this approach. The eHUB provides a PV system with a battery, ready for starting experiments with off-grid operation. What it still needs is an integrated Smart Home system which can learn from the inhabitants’ behavior and support them in managing their energy budget, and offer the surplus e.g. to neighbors, first responders, or other emergency relief activities.
The house is currently equipped with a KNX-based system for controlling consumers and measuring energy production and consumption. Your task is to extend this system, so that it considers consumption and production, monitors activities within the house with their energy profile, includes external context information (e.g. to relate weather and expected power production), and interacts with the inhabitants. The interaction could happen for example by a (web) app, using wall-mounted displays or through a Smart Home Speaker/Hub developed in the project. We plan to use the interface for further experiments in the eHUB.
Some of the skills that will be helpful for working on this topic are (you do not need to tick all boxes):
UI, App or web design for creating a nice user interface
No fear in working with hardware installations and embedded systems (e.g. Linux on Raspberry Pis, knowledge of KNX, MQTT, … is an advantage)
Machine learning for creating predictive models
Experience with user studies in case you want to use that as method for evaluation.
This thesis will be supervised in cooperation with EINS.
2022
Completed
ECG-PPG A Comparison of Biometric Identification
Supervisor:
Matthias Gazzari
With the rise of the IoT and the usage of mobile devices, the need for improved security for those devices becomes more critical. Beyond regular passwords several other forms of identification such as biometric identification, have been introduced. They can offer increased convenience and less vulnerability to spoofing attacks. Most common forms of applied biometric identification include iris, face and fingerprint scanners that see most use in smartphones. But there has been an increasing interested in methods that utilize physiological signals of the human body. electrocardiogram (ECG) and photoplethysmogram (PPG) are among them and are the main point of interest for this work. They come with inherent advantages like being difficult to reproduce and can not be forgotten like a password.
Gathering records of the two signal types has become easier over the years and can now be performed with wearables like the Apple Watch. This opens new options for this field of research.
My work focuses on analyzing and reimplementing existing approaches for ECG and PPG based biometric identification systems and comparing them to deduct similarities, differences, strengths and weaknesses.
To achieve this two convolutional neural network (CNN) based ECG implementations and one PPG implementation that utilizes handcrafted feature extraction were adapted to work on a shared dataset that contain synchronized ECG & PPG data from the private SAPE and the public BIDMC database. This database was then used for evaluation of the systems. In addition commonly used biometric methods and databases were analyzed to aid in the final evaluation. High rates of accuracy were reached and compared to literature that utilized similar datasets.
2022
Completed
Repurposing Wi-Fi Chips as Software-defined Radio Receivers
Supervisor:
Jakob Link
Broadcom FullMac Wi-Fi Chips offer the possibility to configure its internals such that IQ samples can be fetched at several stages in the RX chain. This opens up the opportunity to repurpose those Wi-Fi Chips as Software-defined Receivers. As the firmare is proprietary and the configuration is non-trivial, reverse engineering of the underlying processes are required. In this thesis, we try to better understand the possible configuration options, tackle bottlenecks like memory and bus bandwidth restrictions, and create a tool that abstracts the SDR RX feature to end-users.
You should have experience with C, Reverse Egineering and interest in hardware features of RF receiver chains.
2022
In progress
ePaper Bulletin Boards to Inform Citizens During Crises
Supervisor:
Frank Hessel
Within the research center emergenCITY, we are looking for ways to keep people informed during crises which affect the power gird and/or communication networks. Integrating ePaper displays, which only low power and keep their information during interruption seem to be an interesting appraoch for this use case. This thesis implements a proof of concept for mounting such a display to the facade of a building.
2022
In progress
Collecting a Real-World Dataset of Private Patterns for Stream Processing Systems
Supervisor:
Mikhail Fomichev
The Internet of Things (IoT) shows a clear shift towards analyzing streaming data (collected by IoT devices) using so-called stream processing systems (SPSs) that infer knowledge from these data in (near) real-time. Such SPSs work on the notion of events detected from sensor data, e.g., a user is standing, jogging, or eating.
The SPSs raise serious privacy concerns, as they not only ignore user privacy but also pose new threats to it. For example, a sequence of seemingly nonsensitive events, like "swallow" --> "drink" --> "lay down", can reveal a sensitive private pattern of taking medicine.
A few privacy-preserving mechanisms (PPMs) exist to address the private patterns' threat, but they need to be validated on realistic datasets containing a number of private patterns that are captured by various sensor data, e.g., IMU, ECG/EMG, and heart rate. To date such datasets do not exist. Hence, collecting one would the main goal of this thesis, which will be a big step towards validating existing and designing new PPMs that tackle the threat of private patterns in SPSs.
The precise topic addressing the above research goal would be tailored depending on your skillset. However, a hands-on experience with data collection using smart devices (phones, watches, IoT sensors) and/or user studies is a strong plus. [1, 2] are exemplary data collection studies, which can serve as an inspiration for this work.
[1] FallAllD: An Open Dataset of Human Falls and Activities of Daily Living for Classical and Deep Learning Applications
[2] Case Studies Using Shimmer Sensors
2022
Completed
LoRaWAN in Disaster Scenarios
Supervisor:
Frank Hessel
LoRa comes with characteristics beneficial in crisis situations, like its long range and the low power consumption, which allows to run running devices on batteries significantly longer than, e.g., cellular base stations. However, LoRaWAN does not benefit from these characteristics, as it depends on a centralized, cloud-based network server infrastructure. If gateways can no longer access the backing network, forwarding stops and the network fails in the affected region. This thesis investigates collaboration between gateways to transparently forward frames from LoRaWAN devices in regions suffering from an outage of the backing network.
2022
Completed
Comparison of Side-Channel Touchlogging Attacks using Wearables
Supervisor:
Matthias Gazzari
Although many research papers about touchlogging attacks, which are leveraging wearable devices as a side-channel to log keys being typed on a smartphone, exist, there is no concise summary of those attacks, their advantages & limitations, and different scenarios and evaluation setups make comparisons difficult or unfair. Therefore, one has to sort through countless articles and papers to see if an approach has already been evaluated in a specific scenario or can not fairly compare two good performing approaches because the evaluation setup differs drastically between the two.
This thesis provides a framework combining five of the most common approaches for touchlogging attacks in four different typing scenarios and eight ways the user is wearing the wearable device. With this framework and its evaluation, a concise overview and quick, fair comparisons between the most common approaches to touchlogging are presented.
2022
In progress
Low-Power Network Support for the Recovery of Collapsed 6G Systems
Supervisor:
Leon Würsching
Frank Hessel
A resilient 6G network will be prepared for different failure scenarios and can absorb incidents to a certain level. However, there may be incidents that cannot be absorbed, e.g., a failure of the entire 6G core network due to a large-scale cyber attack. Further possible consequences of such an incident include a large-scale power outage affecting either parts or even the entire mobile network.
In this type of scenario, the 6G network would collapse and split into smaller networks. Such a small network could, e.g., consist of a single isolated base station running on emergency power, and the users connected to it. From here, isolated basestations have to reconnect with other base stations to recover some functionality of the 6G network. However, the need to conserve energy further complicates the recovery process because base stations are running on emergency power.
This thesis evaluates how such a recovery process of the 6G network can be supported with ad-hoc low-power networks.
In this thesis, the student will explore how isolated base stations can coordinate the reconnection of isolated base stations via a low-power network. This includes
discussing and choosing a suitable lower-layer protocol as a basis for the low-power network
implementing a basic consensus protocol to make distributed decisions
testing the developed protocol in simulation.
2022
Completed
Enterprise Authentication Systems
Supervisor:
Florentin Putz
Enterprise Authentication Systems
2022
Completed
Smartphone Pairing Schemes
Supervisor:
Florentin Putz
...
2022
Completed
Evaluation of UWB
Supervisor:
Heinrich
We want to evaluate current UWB devices
2022
Completed
Impact of Multi-Path Effects on Acoustic Keylogging Systems
Supervisor:
Matthias Gazzari
Florentin Putz
...
2022
Completed
Updating Heterogeneous LoRaWAN Nodes Using A Modular LoRaWAN-Stack
Supervisor:
Frank Hessel
The LoRaWAN 1.0 has been shown to suffer from security vulnerabilities which require updating the LoRaWAN implementation on respective sensor nodes. However, updating the firmware of LoRaWAN end devices is a demanding task, as data rate and duty cycle limit the throughput to only a few kilobytes per second. Heterogeneity amongst sensors exacerbates the situation by requiring dedicated images for each sensor type. The thesis addresses both problems by improving the updatability of LoRaWAN end devices by allowing to replace single functions of the LoRaWAN stack with architecture-independent drop-ins based on WebAssembly.
2022
Completed
Practical Evaluation of LoRaWAN in IIoT Environments
Supervisor:
Frank Hessel
2022
Completed
Reverse Engineering and Emulating Broadcom's WiFi Real-Time Core Peripherals
Supervisor:
Jakob Link
David Noel Breuer
Broadcom/Cypress WiFi chips commonly hold a microprocessor, also called D11 core, that handles all real-time related 802.11 MAC tasks in form of a programmable state machine (PSM). It is directly connected to the chip's PHY components as well as its non-real-time related parts. Successful attacks on the D11 core would therefore pose a high risk on the whole device. Especially, as the chip is constantly exposed over its wireless interface.
Although the D11 core's architecture and instruction set are mostly proprietary, disassembling and assembling of microcodes (D11's firmware) is possible due to previous reverse engineering efforts. This in turn allows analyzing, modifying and on-chip debugging of microcodes. However, the current related processes are error-prone and time consuming. To improve those tasks, a basic emulator that can interpret the proprietary instruction set and perform corresponding calculations and memory/register accesses was designed and implemented in prior work. But, in order to properly run microcodes on the emulator, several peripherals (e.g. timers, crypto engine, tx/rx engines, PHY interface, ...) that directly influence the PSM's flow need to be emulated additionally.
In this thesis, we want to analyze peripherals that are directly connected to the D11 core and simulate their behavior to the existing emulator.
C and Assembly skills are recommended, as well as experience and/or interest on reverse engineering, IEEE 802.11 MAC, and low-level programming.
2022
Completed
Implementation and Evaluation of Short-Range Aerial Acoustic Communication Systems for Smartphones
Supervisor:
Florentin Putz
...
2022
Completed
Emulating Broadcom's D11 Core
Supervisor:
Jakob Link
Cypress/Broadcom WiFi chips commonly hold a microprocessor, also called D11 core, that handles all real-time related 802.11 MAC tasks in form of a programmable state machine. The D11 core's architecture and instruction set are proprietary. Reverse engineering efforts already disclosed a sufficient subset of the instruction set to allow disassembling and assembling of microcodes(firmware of the D11 core) for specific core revisions. Still, analyzing, modifying, and debugging microcodes on-chip is error-prone and time consuming. Emulating the D11 core can be used as support for such tasks. In this thesis, we want to gain more knowledge about the D11 core's functionalities by further reverse engineering its internals, and implement an emulator that supports its instruction set and eases debugging of microcodes.
2022
Completed
Channel Characterization for Aerial Acoustic Communication Systems
Supervisor:
Florentin Putz
...
2022
Completed
Limits on Inferring Handwritten Characters using Wearables
Supervisor:
Matthias Gazzari
Recent studies have shown that handwritten characters can be distinguished from each other with a high accuracy leading to security threats such as impersonation, side-channel attacks or just building systems to mirror handwritten characters to digital space.
Most of these studies just focused on the character recording and building (complex) systems around the classification of these handwritten characters, resulting in sparse data sets with only specialized hardware in restricted settings.
With these specialized settings and hardware, it’s not clear what limitations might impact the accuracy of classification, let it be the type of sensor of the general writing style of a person and if these researches also apply to consumer hardware or general settings like writing with a simple pen on paper.
The results of this work aim to set clear limitations and settings for the recording of handwritten characters while using a simple pen and paper setting with multiple consumer devices.
Sampling a data set full of handwritten lower-case characters with the usage of multiple consumer wearables in different positions on the forearm, while limiting the speed and size of a character drawn, are processed and calculated into several time-domain and frequency-domain features to be classified by different machine learning methods resulting in accuracies of 20 % to 22 % for the IMU data, 15 % to 17 % for the EMG data and 16 % to 20 % for a mixed approach.
The results are in the range of current state-of-the-art findings adjusted for the size of classifiers used, so the defined limitations in this work might give a direction to which limitations are more useful in the scenario of classifying characters based on signal data using consumer devices.
2022
Available now
Generalized Network Coded Cooperation in High Density LoRa-Networks
Supervisor:
Luis Alves
Frank Hessel
The wireless channel is a non-linear and time-varying system. Thus, it represents a harsh environment to conduct transfers of information. One of the variables that predict the outage performance of transmissions over the wireless channel is the diversity order, where systems with higher diversity order experience a lower outage probability at a specific signal-to-noise ratio (SNR).
Diversity can be achieved through several means, with the most simple being repetitions (retransmissions) of the same information over different instances of the wireless medium, i.e. over another time period or frequency. One very relevant means is the use of multiple antennas, which adds diversity by also incorporating a spatial element. However, this element can also be obtained when devices with transmissions to a common destination aid each other with retransmitting their partner's information frames. That is the concept behind cooperative communication: achieving a spatial diversity gain without requiring multiple antennas on each device [1].
Network Coded Cooperation (NCC) is a more complex cooperative technique whereby devices perform linear combinations of the data contained in their own and their partner's information frame, creating a parity frame. This allows for an even higher diversity order gain without requiring any additional transmissions beyond the standard information and cooperative phases seen in cooperative communications [2].
This kind of technique can therefore be especially useful in scenarios where multiple devices share a common base station and require energy-efficient communications, such as in LoRa-based networks. LoRa is a prime modulation technique for enabling Low-Power Wide Area Networks (LPWANs), providing adequate interference prevention, relatively low power consumption, and long range. These benefits, however, do not scale well with increases in the network density [3]. Note that, in these high-density scenarios, increasing diversity by simply realizing more transmissions results in an increased collision probability, i.e. even higher interference. For LoRa-networks, this also means the network loses maximum range. Given that the number of connected devices is expected to balloon in this decade, LoRa-based protocols must be adapted to mitigate high levels of interference.
It has been shown that using NCC can produce positive results in the high-density scenario LoRa-based network when associated with a fast inter-device transmission of information frames using high rate frequency shift-keying (FSK). However, previous analyses were purely theoretical and limited to evaluating a two-way cooperation process [3].
This thesis will tackle the empirical and theoretical challenges of implementing generalized network-coded cooperation on LoRa-based networks. Cooperation will be expanded to include multiple devices within the cooperation range, which will generate a higher diversity order for the uplink transmissions. The student is expected to be programing LoRa devices based on either the SX1272 or SX1276 transceivers to validate their results.
If you have any interest in the described topic, please do not hesitate to get in touch.
[1] Cooperative communication in wireless networks
[2] Multiuser Cooperative Diversity Through Network Coding Based on Classical Coding Theory
[3] Network-Coded Cooperative LoRa Network with D2D Communication
2022
In progress
Reconfigurable Intelligent Surfaces in LoRa-based Networks for Large-scale IoT
Supervisor:
Luis Alves
Allyson Sim
LoRa is a prime modulation technique to enable Low-Power Wide Area Networks (LPWANs), providing adequate interference prevention, relatively low power consumption, and long range. These benefits, however, do not scale well with increases in the network density [1]. This represents an obstacle to achieving massive connectivity, seen as an important part of the future of wireless communications.
A surging technology that could mitigate the impacts of interference in LoRa-based networks is the so-called Reconfigurable Intelligent Surface (RIS). A passive element composed of meta-surfaces that can change characteristics of an impinging electromagnetic wave [2], the RIS concept allows the power of a received signal to be boosted through matching waveforms (i.e. phase delays) of otherwise destructive multi-path reflections.
This thesis will focus on the possible application of RIS in a LoRa-based network and will study the theoretical modeling of its impacts on the network performance, measured through energy efficiency and network range. If you are interested in this work, please do not hesitate to get in contact.
[1] Scalability Analysis of a LoRa Network Under Co-SF and Inter-SF Interference in Large-scale IoT Applications
[2] Reconfigurable Intelligent Surfaces for 6G Systems: Principles, Applications, and Research Directions
2022
Available now
Privacy-preserving beamforming using reinforcement learning
Supervisor:
Luis Fernando Abanto
In this thesis we consider the downlink of a wireless communication system. In particular, there is a base station transmitting information to multiple legitimate users in the presence of eavesdroppers which may compromise users’ privacy by capturing information sent from the base station. The goal of the thesis is to maximize the privacy degree of all legitimate users while ensuring that the eavesdroppers remain as oblivious as possible. To fulfill this, the base station leverages beamforming and reinforcement learning (RL). A specific objective of this thesis is to develop a practical RL algorithm with low latency and compare its performance against other approaches, e.g., based on convex optimization, which in general can be more time-consuming.
Required knowledge: reinforcement learning, wireless communications, signal processing (desirable)
2022
In progress
Hiding User Private Attributes Using Machine Learning
Supervisor:
Mikhail Fomichev
The ubiquity of IoT sensors enables customized user services such as smart health or smart home. Recently, the advances in machine learning have been exploited to discover private user attributes (e.g., gender, age) from sensor data collected for different purposes such as activity recognition, violating user’s privacy.
Two recent works [1, 2] utilize state-of-the-art machine learning techniques to suppress private user attributes in sensor data while maintaining the utility of the target application (e.g., target activity recognition remains accurate).
In this thesis, we will critically evaluate the above proposals, with respect to their security (can other private attributes be learned on these data), generalizability (would they still work on a slightly different sensor data?), and deployability (can such approaches run on edge devices?).
The precise topic addressing the above research goal would be tailored depending on your skillset. However, a solid background in machine learning and data mining is required in addition to a thorough understanding of privacy issues stemming from sensor data (also known as inference attacks).
[1] Protecting Sensory Data against Sensitive Inferences
[2] Preventing Sensitive Information Leakage from Mobile Sensor Signals via Integrative Transformation
2022
In progress
Discovering Oversensing Privacy Issues in Smart IoT Environments
Supervisor:
Mikhail Fomichev
The proliferation of the IoT makes numerous smart devices equipped with rich sensing capabilities part of our everyday life. These sensors enable customized services by measuring a user’s ambient environment such as a fitness tracker recording daily activities (e.g., jogging), allowing users who exercise a lot to get an insurance discount.
However, the ubiquity of sensing raises the problem of oversensing [1], namely inferring user’s sensitive attributes or behaviors (e.g., health conditions, political orientation) from the sensor data that was collected for benign purposes.
In this thesis, we will explore the landscape of oversensing, focusing on the following problem: how to discover the oversensing issues in various sensor data in a scalable (i.e., automated) way?
The precise topic addressing the above research goal would be tailored depending on your skillset. However, a solid background in machine learning and data mining is required in addition to a thorough understanding of privacy issues stemming from sensor data (also known as inference attacks).
[1] How to Curtail Oversensing in the Home
2022
Available now
Beam management in mmWave full duplex joint sensing and communication system
Supervisor:
Lu Wang
Arash Asadi
Joint Sensing and Communication technology is one of the key 6G technologies. It makes your phone/vehicle/device smarter with the function of sensing and communication simultaneously [1]. By beaming the transmitted data in a direct way, both sensing and communication performance can be improved. If you are interested in the beam-related design in the joint sensing and communication system, feel free to contact us.
Research objective: 1. Sensing parameters estimation 2. Beam management(searching/tracking) and beamforming design 3. full duplex joint sensing and communication system design
Expected gain of knowledge: Wireless communication
[1] Y. Cui, F. Liu, X. Jing and J. Mu, "Integrating Sensing and Communications for Ubiquitous IoT: Applications, Trends, and Challenges," in IEEE Network, vol. 35, no. 5, pp. 158-167, September/October 2021.
2022
Available now
mmWave full duplex joint sensing and communication design
Supervisor:
Lu Wang
Arash Asadi
Joint Sensing and Communication technology is one of the key 6G technologies. It makes your phone/vehicle/device, etc., smarter with the function of sensing and communication simultaneously [1]. Configuring this technology in mmWave band, better performance such as higher date rate can be realized. If you are interested in the joint sensing and communication system design, feel free to contact us.
Research objective: 1. Sensing parameters estimation 2. full duplex joint sensing and communication system design
Expected gain of knowledge: Wireless communication
[1] Y. Cui, F. Liu, X. Jing and J. Mu, "Integrating Sensing and Communications for Ubiquitous IoT: Applications, Trends, and Challenges," in IEEE Network, vol. 35, no. 5, pp. 158-167, September/October 2021.
2022
Available now
Privacy and Security Implications of Cross-Modal Transformations on Human-Centric Sensor Data
Supervisor:
Matthias Gazzari
This topic is about implementing a cross-modal transformation model on a chosen pair of human-centric sensors (sensors which are worn by or close to humans), for recreating one stream of sensor data based on the other one. The ultimate goal of this thesis is to evaluate the performance of such a model with respect to the privacy and/or security implications.
Contact me if you are interested and/or have a cool idea for a specific pair of sensors relevant for violating the privacy and/or the security of a human being.
Experience with machine learning and/or signal processing is required. A good understanding of sensors and their measured physical quantities is strongly recommended.
2022
Available now
CSMA/CD for Wi-Fi
Supervisor:
Robin Klose
Motivation
Carrier Sense Multiple Access with Collision Detection (CSMA/CD) is a technique used in wired networks like Ethernet (IEEE 802.3) to improve network performance by efficient medium access. When a collision is detected, the colliding nodes terminate their transmissions to keep the collision time as short as possible. This effectively improves the utilization of the transmission medium, since less time is spent in collisions and the time between transmission attempts is reduced.
In wireless networks, however, CSMA/CD is generally assumed to be impractical due to the physical characteristics of the wireless channel. In fact, the power of a signal degrades by orders of magnitudes on its way from transmitter to receiver due to free space path loss and signal propagation effects, such as attenuation and reflections. Therefore, even if a transmitter was equipped with a separate receive antenna, its own transmission would typically drown out the weak signals from other transmitters, which would render the detection of weak signals impossible. Nevertheless, recent research has demonstrated that self-interference cancellation techniques become feasible, which allows to design full-duplex radios [1]. This might effectively be key to the design of CSMA/CD for IEEE 802.11-based networks, allowing for enhanced network performance under high load conditions [2].
[1] Mayank Jain, Jung Il Choi, Taemin Kim, Dinesh Bharadia, Siddharth Seth, Kannan Srinivasan, Philip Levis, Sachin Katti, and Prasun Sinha. “Practical, Real-Time, Full Duplex Wireless”, 17th annual international conference on Mobile computing and networking (ACM MobiCom '11). Las Vegas, Nevada, USA, 2011, pp. 301-312.
[2] Konstantinos Voulgaris, Athanasios Gkelias, Imran Ashraf, Mischa Dohler and A. H. Aghvami. “Throughput Analysis of Wireless CSMA/CD for a Finite User Population”, IEEE Vehicular Technology Conference, Montreal, Quebec, CA, 2006, pp. 1-5.
Goal
Literature review: Review different self-interference cancellation techniques and assess their suitability for 802.11-based networks. Also review literature relating to channel access techniques.
CSMA/CD design: Make a conceptual design of a fully-fledged CSMA/CD mechanism, which also takes practical limitations into account, such as settling times of gain controls. Your design may also employ correlation techniques to detect weak signals from far-away nodes.
Implementation: Implement your CSMA/CD design on a software-defined radio. Self-interference cancellation might require a combination of well-considered antenna placement on the device, analog cancellation in the RF band, and digital cancellation in the baseband. Your implementation may be based on GNU Radio and USRP, or on WARP.
Evaluation: Evaluate the performance of individual components of your implementation (e.g., the self-interference cancellation gain), as well as the overall performance of CSMA/CD nodes in a real network, as compared to conventional CSMA/CA.
2022
Available now
Unsupervised learning from video segmentation to person/object tracking in wireless networks
Supervisor:
Arash Asadi
There is a large body of work on using commercial wireless devices to detect, identify and localize people as well as their motion, gestures, and even vital signs. The underlying techniques span from machine learning techniques to signal processing and Radar.
To some extent, the impact of a person's body/motion on the wireless signals can resemble an image/video.
While there has been extensive use of advanced Machine learning techniques for people/object tracking in videos, there is very little work on using these techniques in the wireless domain. For example, applying the works presented here (https://www.youtube.com/watch?v=tSBWZ6nYld0) to wireless sensing.
If you find this interesting, send me an email to discuss further details.
2022
Available now
Preserving Privacy against WiFi Sensing
Supervisor:
Arash Asadi
Your WiFi router is constantly monitoring the surrounding. You can analyze the channel state information to detect the location and even trajectory of people in their homes. There are many other applications including detecting heartbeat, breathing rate, reading lips, etc. If you are interested in implementing one of these systems using real hardware and finding solutions to fight against it, send me an email. Note that these are rather challenging topics as they require good knowledge of communication as well as signal processing.
Research objective
WiFi Sensing countermeasures
Expected gain of knowledge
Wireless communication, Signal processing
2022
Available now
Going against the tide: Using interpretable machine learning instead of black box DNN for wireless sensing
Supervisor:
Arash Asadi
Your WiFi router is constantly monitoring the surrounding. You can analyze the channel state information to detect the location and even trajectory of people in their homes. The majority of these works leverage black box machine learning, which questions their reliability.
While many believe that the black box models provide higher performance and are less complex, new studies suggest otherwise [1]. If you are interesting to go against the tide and prove interpretable learning can perform similar to black box model in wireless sensing, send me an email.
Research objective: Explanation methods for WiFi Sensing
Expected gain of knowledge: Wireless communication, Interpretable machine learning
[1] C. Rudin, “Stop explaining black box machine learning models for high stakes decisions and use interpretable models instead,” Nat Mach Intell, vol. 1, no. 5, pp. 206–215, 2019, doi: 10.1038/s42256-019-0048-x.
2022
Available now
FPGA development and experimental analysis of beamforming and beam-tracking in 6G networks
Supervisor:
Arash Asadi
Waqar Ahmed
Millimeter-wave frequencies (30-300 GHz) will be dominating 6G communications, providing users with tens of Gbps data rates. However, communication at such high frequencies requires using highly directional beams to compensate for the propagation loss.
In our group, we have access to unique software-defined radios capable of communication at 70 GHz with 4GHz of bandwidth. If you are interested in performing experimental studies in this area and contributing to the research in the next generation of mobile networks, this could be your topic.
Research objective: Test and development of agile beamforming/tracking for 6G systems
Expected gain of knowledge: Wireless communication, FPGA programming
2021
In progress
Glitching Wireless Chips
Supervisor:
Jiska Classen
Glitching is a method that allows bypassing security checks in firmware running on chips. Dropping voltage or inducing an electromagnetic field for a very short moment causes the chip to behave differently. For example, the chip might skip a check in the secure bootloader, allowing an attacker to run arbitrary firmware. This is of special interest for wireless security research. Instead of re-implementing protocols on software-defined radios, we can modify existing firmware to test very specific security assumptions in an otherwise unmodified environment.
We have a lab with various equipment suitable for glitching, such as oscilloscopes, the ChipWhisperer and the ChipShouter. Thus, the thesis will require you to do at least some parts of the work onsite. However, we also have some ChipWhisperer Nanos etc., in case you want to do parts of the work from home.
Required background knowledge is either electrical engineering or IT security. Can be done as both, either B.Sc. thesis or M.Sc. thesis, depending on the amount/complexity of chips.
2021
Completed
FIDO2 Platform Authenticators
Supervisor:
Florentin Putz
...
2021
Completed
Evaluation of Acoustic Communication Schemes
Supervisor:
Florentin Putz
...
2021
Completed
Evaluation of Ultra-Wideband for Secure Device Pairing
Supervisor:
Alexander Heinrich
Florentin Putz
Evaluation of Ultra-Wideband for Secure Device Pairing
2023
Completed
Finger Detection of Keystrokes from RGB Video Streams
Supervisor:
Matthias Gazzari
To research the security impact of side-channel keylogging attacks, we need suitable datasets containing the sensor data and the pressed keys. However, when our side-channel targets the user through acceleration, EMG, or other wearable sensors, we might want additional ground truth about the users’ activity, e.g., a representation of which finger was used to type a certain key. This data makes it possible to directly correlate the sensor readings with the activity that caused them, which could help develop more accurate and robust keylogging models. Previous work in this area focused more on stand-alone virtual input devices that do not reflect real-world keyboards or require expensive motion tracking hardware to track finger positions. In this thesis, we design, implement and evaluate a system that can infer finger usage from a monocular RGB video of a user typing on an unmodified keyboard. Our evaluation shows that our implementation can accurately label the hand usage for over 96 % of keystrokes and the finger usage for over 97 % of keystrokes. As such, our system can be a helpful aid in the creation of new datasets for research into keylogging side-channels.
2021
Completed
Analyzing the Deployment of Device-Specific Android Security Features
Supervisor:
Florentin Putz
Analyzing the Deployment of Device-Specific Android Security Features
2021
Completed
Investigating the Pitfalls of FIDO2 Usability in Practice
Supervisor:
Florentin Putz
2021
Completed
Handwriting Recognition using IMU and EMG Sensor Data
Supervisor:
Matthias Gazzari
With the rise of wrist-worn devices like smartwatches and fitness trackers and the integration of Inertial Measurement Unit (IMU) sensors questions about the privacy impact of their recorded data arise which often gets little attention in privacy considerations. Worn on the wrist one possible impact is a possible eavesdropper inferring the handwriting done by the wearer of the device using the collected IMU data. Another use case is the deliberate digitizing of handwriting by users wearing such devices. In this case it is also feasible for the user to wear an additional device to improve the digitizing.
In this thesis we investigate both the possible privacy impact and the possibilities for a deliberate digitizing of handwriting done on paper based on IMU sensor data recorded on a smartwatch. Furthermore, we collect Electromyography (EMG) sensor data using an armlet worn on the lower arm to analyze if the original recognition results can be improved utilizing these data. We design and conduct a data study aimed at mirroring everyday circumstances using an Apple Watch and a Thalmic Myo armlet to record the necessary data. Additionally, the original handwriting of the study participants is digitized by writing on paper on top of a Wacom Bamboo Slate tablet. We use the recorded continuous streams of IMU and EMG data to classify the written letters using the 1-Nearest Neighbor (1NN) algorithm in combination with the Dynamic Time Warping (DTW) algorithm. Our model achieves widely varying results depending on the writer and an overall accuracy of 0.28. Very low accuracies for the classification based on EMG data prevent us from evaluating possible improvements when combining both data types. Our findings suggest that the recognition depends on the writing style of the individual user and more research is required to make the handwriting recognition based on IMU or EMG data applicable to writing in everyday life.
2021
Available now
Software Defined Wireless Networks
Supervisor:
Bastian Bloessl
I work a lot with Software Defined Radio, in particular GNU Radio. Talk to me, if you are interested in:
Implementing or testing a standard or proprietary technology.
Real-time signal processing (e.g., scheduling or benchmarking).
Hardware acceleration (SIMD, FPGA, or GPU).
Distributed signal processing.
If you are excited about one of these topics, we can come up with a Bachelor or Master thesis that matches your interest.
2021
Completed
3D Positioning and Posture detection using iOS
Supervisor:
Arash Asadi
Modern smartphones contain many sensors and frameworks that can capture the surrounding world.Capable mobile processors, machine learning and frameworks allow us to capture the pose of a human with very little extra work.
We are looking for a student that wants to work with augmented reality and extend the posture detection system in iOS with a 3D positioning system. The software may combine multiple iPhones at different locations to enhance tracking. In the end, such a system allows to quickly create dataset necessary for WiFi sensing, create interactive games and more.
A small introduction to the available frameworks has been given on WWDC 2020. Starting at minute 13 the video shows what is already possible today.
https://developer.apple.com/videos/play/wwdc2020/10653/
2021
Available now
Preserving Privacy against WiFi Sensing
Supervisor:
Arash Asadi
Your WiFi router is constantly monitoring the surrounding. You can analyze the channel state information to detect location and even trajectory of people in their homes. There are many other applications including detecting heartbeat, breathing rate, reading lips, etc. If you interested in implementing one of these systems using real hardware and finding solutions to fight against it, send me an email. Note that these are rather challenging topics as they require good knowledge of communication as well as signal processing.
Research objective
WiFi Sensing countermeasures
Expected gain of knowledge
Wireless communication, Signal processing, Physical layer privacy
2021
Completed
Protecting Heartbeat and Respiration Information in WiFi Sensing Applications
Supervisor:
Arash Asadi
2021
Completed
Security Analysis of Neighbor Awareness Networking-capable Wi-Fi Firmware using Fuzzing
Supervisor:
Lars Almon
2021
Completed
Protocol Design for Energy-Efficient Broadcast Tree Contruction in Wireless Ad-Hoc Networks
Supervisor:
Robin Klose
2021
In progress
iPhone Baseband
Supervisor:
Jiska Classen
2021
In progress
iOS CommCenter Protocol Analysis
Supervisor:
Jiska Classen
2021
In progress
iOS CommCenter Fuzzing
Supervisor:
Jiska Classen
2021
In progress
iOS Bluetooth Security
Supervisor:
Jiska Classen
2021
Completed
Very Pwnable Network: Reverse Engineering and Vulnerability Analysis of AnyConnect for Linux
Supervisor:
Jiska Classen
2021
In progress
Responsible Disclosure im IoT-Sektor
Supervisor:
Jiska Classen
2021
In progress
Practical Analysis of Friendly Jamming to Augment the Security of Industrial Remote Control Systems
Supervisor:
Jiska Classen
2021
In progress
Improving State Coverage in Bluetooth Fuzzing
Supervisor:
Jiska Classen
2021
Completed
Attacks on Wireless Coexistence
Supervisor:
Jiska Classen
2021
In progress
AnyConnect and VPN Security on iOS
Supervisor:
Jiska Classen
2021
Completed
A Full-Band Bluetooth Sniffer for a Software-Defined Radio
Supervisor:
Bastian Bloessl
Jiska Classen
2020
Completed
Speeding up and hardening zero-interaction pairing by utilizing off-the-shelf IoT actuators
Supervisor:
Mikhail Fomichev
2020
Completed
Delay-Tolerant LoRaWAN with mobile Gateways and SatCom Backhaul
Supervisor:
Lars Almon
2020
Completed
LoRa for Smart Street Lamps
Supervisor:
Lars Almon
2020
Completed
Circumventing ECG Authentication with Deep Generative Models based on PPG Pulse Data
Supervisor:
Matthias Gazzari
Electrocardiogram (ECG) biometrics is a steadily growing and increasingly popular field of research. In this work, we propose a novel attack scenario in which we train a generative model to uncover and spoof the ECG of a victim by merely observing another cardiovascular signal of the victim: their photoplethysmogram (PPG). For the model, we propose a conditional generative adversarial network (cGAN) with a U-Net style generator and least-squares loss. Since current training datasets do not fall into the off-the-person category, we additionally collect a custom dataset of synchronized PPG and ECG measurements. It features 33 recordings by 31 participants with a median age of 28.
We evaluate the model against a baseline by Zhu et al. Our model has a lead over the baseline with a mean relative root-mean-square error (rRMSE) of 0.47 vs. 0.49 on the TBME-RR dataset but lacks behind on our own dataset with a mean rRMSE of 0.61 vs. 0.55. The evaluation demonstrates that the cGAN is able to properly recreate the overall characteristics and noise of the ground truth. In the proposed attack scenario, the model yields an overall success rate of up to 26 % against a neural-network-based authentication system.
2020
Completed
Low-Latency Flooding in IEEE 802.11g Networks through Concurrent Broadcasting with Wireless Synchronization using WARP Software-Defined Radios
Supervisor:
Robin Klose
2020
Completed
Keylogging Side-Channel Attacks on Bluetooth Timestamps: A Timing Analysis of Keystrokes on Apple Magic Keyboards
Supervisor:
Matthias Gazzari
Jiska Classen
In the past several timing attacks have been applied to recover sensitive input on keyboards. If these kind of attacks could be migrated to the wireless communication of keyboards, this would make the use of wireless keyboards less secure. In this thesis we apply a timing attack on the Bluetooth communication of the Apple Magic Keyboard by recording the time between consecutive Bluetooth packets and recover the typing with a Hidden Markov Model (HMM). With this attack we are able to shrink the search space of random passwords by a factor of 5 to 10, which considerably speeds up exhaustive search.
2020
Completed
The Latency--Throughput Tradeoff of GPP-based SDRs
Supervisor:
Bastian Bloessl
2020
Completed
GNU Radio Runtime Performance Evaluation
Supervisor:
Bastian Bloessl
2020
Completed
Analysis of Apple's crowdsourced location tracking system
Supervisor:
Milan Stute
2020
Completed
Prevalence Analysis of Dark Patterns in Newsletters
Supervisor:
Matthias Gazzari
The dependence on online shopping makes consumers to popular targets of malicious intents. With a vast understanding of the human psyche, dark patterns are capable of leading consumers to perform actions which they would not do under normal circumstances, such as evoking buying pressure or giving away sensitive data. In this thesis, we focus on the detection of dark patterns, especially the Social Proof, Misdirection, Scarcity, and Urgency patterns using multinomial naïve Bayes, support-vector machine, k-nearest neighbor, and random forest, as well as state-of-the-art transfer learning methods like ULMFiT and DistilBERT. For this purpose, we utilize a collection of 1818 classified dark patterns. First, we perform nested cross-validations for all algorithms for valuable insights that we need for the model selection. Overall we achieve a balanced accuracy of 0.926 on average, whereas all models, except for k-nearest neighbor, perform similarly well. Then, with the gained knowledge, we demonstrate that dark patterns can indeed be detected using machine learning techniques. At last, using our fine-tuned models, we reveal the existence of dark patterns in a collection of newsletter emails, with a performance of 0.436 balanced accuracy. Thus we conclude, that this work provides essential insights into the fact that dark patterns exist in hitherto unnoticed fields and how more sophisticated methods are crucial to combat such patterns.
2020
Completed
Implementation and Analysis of a Keystroke Dynamics Authentication System
Supervisor:
Matthias Gazzari
Password based authentication systems face many problems in today’s time. Data breaches and users selecting weak passwords raised the need for different authentication methods or a second factor. Popular methods include fingerprint or face detection and second factors like access or transaction codes. But there are less explored systems that use keystroke dynamics authentication.
In this bachelor thesis we analyze existing keystroke dynamics authentication systems. To get a better understanding we implement such a system. Using datasets that are publicly available our system reaches a false acceptance rate (FAR) of 14 % and a false rejection rate (FRR) of 28 %. Having an own keystroke dynamics authentication systems we can then perform an evaluation in terms of usability in practice. Based on this evaluation we discuss in which cases such a system is a suitable and secure way for authentication.
We conclude that in general keystroke dynamics authentication systems are a convenient and secure way for an additional security factor. But we also distinguish existing challenges like when users have different computers (with different keyboards) or use auto-fill functions of password managers. And we state ideas on how our system’s performance could be improved and challenges could be faced.
2020
Completed
Wi-Fi Sharing for All: Reverse Engineering and Breaking the Apple Wi-Fi Password Sharing Protocol
Supervisor:
Milan Stute
Modern devices provide more and more functionality, simplifying everyday tasks. Obscured from the user are the complex, proprietary, and undocumented protocol stacks, most of them always listening in the background. In this thesis, we take a look at one of these features, Apple Wi-Fi Password Sharing, which enables users to share the Wi-Fi password to guests in their home. We publish documentation of involved frameworks, describe the actual protocol, and search for vulnerabilities. Besides one implementation bug, we find multiple small flaws in the protocol and user interface, which we combine into two attacks, a denial-of-service attack, which crashes the iOS settings app, and a man-in-the-middle attack, which spoofs the victim into an attacker-controlled Wi-Fi network.
2020
Completed
Advanced Mitigation and Response Methods in the Context of Automotive Ethernet Security
2020
Completed
VPN in a Mobile Environment: Security, Privacy, and Usability
Supervisor:
Jiska Classen
2020
Completed
ToothPicker: Enabling Over-the-Air and In-Process Fuzzing Within Apple's Bluetooth Ecosystem
Supervisor:
Jiska Classen
2020
Completed
Remote Code Patching Framework for a TETRA Base Station
Supervisor:
Jiska Classen
2020
Completed
Practical Security Analysis of IoT Ecosystems
Supervisor:
Jiska Classen
2020
Completed
Practical Bluetooth RNG Analysis
Supervisor:
Jiska Classen
2020
Completed
Polypyus: Firmware History Based Binary Diffing
Supervisor:
Jiska Classen
2020
Completed
Fuzzing a TETRA Base Station via Binary Patching
Supervisor:
Jiska Classen
2020
Completed
Bluetooth Low Energy Sniffing
Supervisor:
Bastian Bloessl
Jiska Classen
2020
Completed
Applicability of IoT Security Frameworks as Guidelines for Penetration Testing
Supervisor:
Jiska Classen
Max Maass
2020
Completed
Analyzing the macOS Bluetooth Stack
Supervisor:
Jiska Classen
2019
Completed
Analyzing Apple’s Private Wireless Communication Protocols with a Focus on Security and Privacy
Supervisor:
Milan Stute
2019
Completed
Communicating Privacy and Security issues
Supervisor:
Max Maass
.
2019
Completed
Creating an indoor simulation tool witha realistic antenna model for an IEEE 802.11ad 60 GHz devices
Supervisor:
Allyson Sim
Lars Almon
2019
Completed
Detecting Extension Abuse in the Wild
Supervisor:
Max Maass
.
2019
Completed
Security Analysis of LoRaWAN: An Experimental Evaluation of Attacks
Supervisor:
Lars Almon
Flor Maria Alvarez Zurita
Read the thesis
Low-power wide-area networks (LPWAN) are becoming the wireless backbone for modern business processes and municipal administration. LoRaWAN, which stands for long-range wide-area network, is a recent medium access control (MAC) layer protocol competing for this market. It stands out by its open operator model and a novel modulation technique. With LoRaWAN and other communication technologies are becoming a dependency for more and more aspects of today's society, the question for their security and reliability comes up. Previous researches on the topic have already revealed vulnerabilities in the first LoRaWAN specification, which have been partly mitigated in the most recent LoRaWAN 1.1. However, related studies often provide only theoretical results or consider practical scenarios only on a specific, small scale. In this thesis, we present a LoRaWAN security evaluation framework that allows field-testing the security and reliability characteristics of actual LoRaWAN deployments. This provides not only reproducible results but also allows making a comparison between defined versions of the specification and LoRaWAN software. Before expounding implementation details, we provide a literature survey on LoRaWAN vulnerabilities and attacks to identify interesting aspects for further evaluation. From our experimental results, we show that jamming is a serious threat to the availability of LoRaWAN networks. Furthermore, we demonstrate the practical applicability of two replay attacks against a selection of LoRaWAN software and illustrate why they will remain relevant for years due to backward compatibility.
2019
Completed
Security Evaluation of LoRaWAN Network Servers using Fuzzing
Supervisor:
Lars Almon
Low Power Wide Area Network (LPWAN) technologies like Long Range Wide Area Network (LoRaWAN) are used for creating low maintenance sensor networks in many scenarios. The central part of a LoRaWAN is the Network Server (NS). Previous security research often focused on conceptual security issues in the protocol, this work evaluates fuzzing, the security testing using semi-valid random messages, as a technique to find vulnerabilities in NSs. We investigate the situation of practical network deployments and software in use. Then we derive an approach for a general fuzzing framework for NSs. We present our fuzzer implementation in detail and describe experiments we conducted with an example network server. The results show that this network server was susceptible to a denial of service attack. We therefore conclude that fuzzing is an appropriate tool for making LoRaWANs more secure by uncovering vulnerabilities in NSs.
2019
Completed
nextoyou - a zero-interactiion co-presence detection scheme based on Channel State Information
Supervisor:
Mikhail Fomichev
2019
In progress
Communicating Privacy and Security issues
Supervisor:
Jiska Classen
2019
Completed
Bluetooth Mesh Network Security Analysis: An Experimental Evaluation of Attacks Using Btlejack
Supervisor:
Flor Maria Alvarez Zurita
Lars Almon
2019
Completed
PrivacyMail – Analyzing the Email Tracking Ecosystem
Supervisor:
Max Maass
2019
In progress
TETRA Base Station Binary Patching
Supervisor:
Jiska Classen
2019
Completed
Intercom Security
Supervisor:
Lars Almon
Jiska Classen
Intercom security analysis.
2019
In progress
Bluetooth Entropy
Supervisor:
Jiska Classen
2019
In progress
Bluetooth Controller Emulation and Fuzzing
Supervisor:
Jiska Classen
2019
Completed
PrivacyGraph – A Holistic View of the Online Tracking Ecosystem
Supervisor:
Max Maass
.
2019
Completed
Applicability of Penetration Testing Guides for the Internet of Things
Supervisor:
Max Maass
2019
Completed
Smart Home Security
Supervisor:
Max Maass
2019
Completed
Practical Evaluation of LoRa in Multihop Networks
Supervisor:
Lars Almon
Practical Evaluation of LoRa in Multihop Networks
2019
Completed
Implementation of a Linux User-space Neighbor Awareness Networking Protocol Stack
Supervisor:
Lars Almon
Implementation of a Linux User-space Neighbor Awareness Networking Protocol Stack
2019
Completed
Analyzing Email Privacy
Supervisor:
Max Maass
2019
Completed
Advanced TSCH Scheduling Mechanisms for Wireless Sensor Networks
Supervisor:
Dingwen Yuan
2019
Completed
Practical Performance Analysis of Neighbor Awareness Networking
Supervisor:
Lars Almon
Milan Stute
2019
Completed
Inferring Keystrokes from Myo Armband Electromyographic and Inertial Measurement Unit Data
Supervisor:
Max Maass
Mobile devices, such as phones and wearables, include an increasing variety of more and more accurate sensors, only part of which the users can control to a certain extent to protect their privacy. In the meantime, mostly with respect to the accelerometer and gyroscope sensors of smartwatches, various keylogging side-channel attacks have been described in literature, demonstrating that sensitive information like passwords can be inferred from the data recorded by these sensors.
In this thesis, we take a closer look at the Myo armband, a wearable device worn on the upper part of the forearm containing an accelerometer, a gyroscope, a magnetometer and eight electromyographic (EMG) sensors for measuring muscle activity. In particular, we investigate whether the EMG data supports the recognition of finger movements sufficiently to detect new keystrokes of the same person or of previously unseen typists.
We create a dataset based on both keystroke and sensor data collected from 27 volunteers wearing two Myo armbands while typing on a physical keyboard. In order to detect keystrokes based on this data, we apply supervised learning approaches utilizing a random forest, a convolutional neural network (CNN) adaptation of WaveNet and a convolutional recurrent neural network (CRNN).
We estimate the predictive performance, achieving a mean f1 score of 0.75 for the CRNN in the within-subject scope and an f1 score of about 0.61 for the between-subject scope, independent of the chosen model. These estimates are validated in a proof of concept, achieving a mean f1 score of 0.64 for the CRNN in the within-subject scope and a mean f1 score of 0.65 for the WaveNet adaptation on an unseen person in the between-subject scope.
2019
Completed
Security Analysis of IoT Ecosystems
2019
Completed
Secure Device Pairing Using Short-Range Acoustic Communication
Supervisor:
Flor Maria Alvarez Zurita
Jiska Classen
2019
Completed
PowerPC Binary Patching and dissecting of TETRA Base Station
Supervisor:
Jiska Classen
2019
Completed
Fuzzing the Linux Bluetooth Stack
Supervisor:
Jiska Classen
2019
Completed
Dynamic Bluetooth Firmware Analysis
Supervisor:
Jiska Classen
2019
Completed
Analyzing Firmware and Cloud Security of a Premium IoT Ecosystem
Supervisor:
Fabian Ullrich
Jiska Classen
2019
Completed
A researcher’s guide to the Fitbit Ionic smartwatch
Supervisor:
Jiska Classen
Daniel Wegemer
2019
Completed
A Study on Proprietary Communication Protocols Used in TETRA Hardware Components
Supervisor:
Jiska Classen
2018
Completed
Security Aspects of the Apple Wireless Direct Link Protocol
Supervisor:
Milan Stute
2018
Completed
Separation of Channel Coefficients in Concurrent Wi-Fi Transmissions using Deep Neural Networks
Supervisor:
Robin Klose
2018
Completed
Design of a Secure DIAMETER Edge Agent - study of the capabilities and performances of a DEA, with a PoC implementation
2018
Completed
Combining WiFi, Bluetooth and BLE: Limitations and synergy effects of using Google Nearby Connections 2.0
Supervisor:
Lars Almon
Now most of the smartphones are equipped with different wireless interfaces namely Wi-Fi, Bluetooth, BLE, Ad-hoc Wi-Fi, and NFC. These different interfaces have different weaknesses and strengths. Bluetooth is suited for low bandwidth and short-range communication. Bluetooth Low Energy(BLE) on the other hand is aimed at devices which have limited power supply and need to transfer data in short intervals. Wi-Fi is well suited for high bandwidth, low-latency communication with increased ranges. By utilizing the combination of these interfaces, we can enhance the performance of offline peer-to-peer connectivity. The number of devices using the Internet is growing at a rapid rate, creating traffic congestion especially by using multimedia services. we can offload and distribute this traffic using high performance peer-to-peer connectivity. With the growing need of Infrastructureless network in the remote or disaster-stricken area, better device-to-device communication could prove to be life-saving. Nearby Connections 2.0 is the new offline peer-to-peer, high bandwidth low latency API from Google. It uses a combination of Wi-Fi Direct, BLE and Bluetooth to create reliable and fast connections. In this thesis, we evaluate Nearby Connections against all three interfaces it uses. We execute 4 experiments with different network parameters to analyze the limitations and benefits of using Nearby Connections. By varying different parameters we maximize the performance of each interface to observe the behavior of Nearby Connections. Our evaluation results indicate that this is in fact not the case with Nearby Connections. It does not adjust itself to get the best out of underlying interfaces. We show the limitations of Nearby Connections API. However, it performed better than both Bluetooth and BLE but against Wi-Fi Direct it performed way below the par.
2018
Completed
Desynchronization Attacks and Mitigations for the Apple Wireless Direct Link Protocol
Supervisor:
Milan Stute
2018
Completed
Learning the Beams: Efficient Millimeter-Wave Beam-Steering Techniques
Supervisor:
Daniel Steinmetzer
Motivation
Beam-steering is the backbone of millimeter-wave (mm-wave) networks and key to achieve data-rates of multiple gigabit per second. Nodes must steer their antennas so that they maximize the signal gain towards the intended communication partner. The state-of-the-art to find the best antenna configuration is to probe all possible antenna configurations. This process caused high overhead, especially in case of mobility when parameters must be adjusted continuously.
Goal
In this thesis, you apply machine learning techniques to find the antenna parameters most suitable for probing and select the optimal configuration with low overhead.
Implementation and evaluation in this thesis, should be performed by means of our mm-wave testbed platform with off-the-shelf IEEE 802.11ad devices. Experience with Linux, wireless network configuration, proper tools, and scripting languages is highly recommended.
2018
Completed
Draining Mallory and Sybil: DoS-resistant Disruption-Tolerant Networks
Supervisor:
Milan Stute
Description
Disruption-Tolerant Networks (DTNs) can be used as a communication means in the emergency context when communication infrastructure is unavailable. In DTNs, mobile user devices such as smartphones act as “data mules”: they store, carry and forward messages. Unfortunately, the “storing” part is especially vulnerable to denial-of-service (DoS) attacks since an attacker can flood the network with bogus information and, thus, replace or purge valid messages from a node’s buffer.
In this thesis, you will implement and evaluate a novel, DoS-resistant buffer management scheme in IBR-DTN [1], DTN implementation written in C++, which also runs on standard Android smartphones.
[1] IBR-DTN. https://github.com/ibrdtn/ibrdtn.
2018
Completed
Evaluation of MAC protocols for wireless sensor networks
Supervisor:
Dingwen Yuan
2018
Completed
Learning the Beams: Applying Evolution Algorithms for Optimized IEEE 802.11 ad Beamtraining
Supervisor:
Daniel Steinmetzer
2018
Completed
Wifi-based Key Encryption on Android Smartphones
Supervisor:
Matthias Schulz
Daniel Steinmetzer
2018
Completed
Practical Low-Layer Attacks on IEEE802.11ad by Modified WiFi Firmware
Supervisor:
Daniel Steinmetzer
Motivation
Millimeter-Wave (mm-wave) communication systems such as IEEE 802.11ad use directional beams that need to be trained prior to establishing a high-throughput connection. Such beam training protocols--the backbone of mm-wave communications--have a high impacts of the security of performance. Jamming or manipulating the frames associated with the beam steering might prevent a connection from being established or steer the beam for an adversary's benefit. We already obtained access to a WiFi chip of state-of-the-art routers at firmware level.
Goal
A bachelor or master thesis is this area might extend our current framework and integrate, for example, packet injection or jamming to launch and evaluate the aforementioned attacks.
Students should not be afraid of analyzing binary data and assembly instructions. Experience with IDA Pro is recommended.
2018
Completed
60 Ghz Channel Models: From Theory to Practice (and Back Again)
Supervisor:
Daniel Steinmetzer
Motivation
The channel characteristics of millimeter-wave communication systems at 60 GHz differ those in lower frequency bands and require a fundamental rethinking of network design. To investigate such aspects of network performance, we developed a raytracing based simulation framework to predict the signal quality in arbitrary environments. However, the internals in the simulation are based on theoretical considerations and models. So far, simulation results have not been compared to realistic measurements.
Goal
In this thesis, your task is to extend our simulation framework [1] in MATLAB and/or Python and compare results with realistic measurements performed with common IEEE 802.11ad router hardware. We expect that impairments due to cheap antenna and RF circuit design lead to divergences from simulation. Can you adapt the simulation to provide more realistic outcomes?
[1] mmTrace: ray-tracing based millimeter-wave propagation simulation
2018
Completed
Hacking Bluetooth Firmware of WiFi Combo Chips in Mobile Devices
Supervisor:
Matthias Schulz
2018
Completed
Processing and evaluation of the smarter field test about delay-tolerant networks in the event of an disaster
Supervisor:
Lars Almon
This thesis is about the processing and evaluation of the data generated by the Smartphone-based Communication Networks for Emergency Response (smarter) project. The smarter project is a research project that investigates the use of Delay Tolerant Networks (DTNs) as a method of communication for the civil population during a disaster situation. During this thesis the recorded data is transferred into a format readable by the simulator The Opportunistic Network Environment Simulator (The ONE), so that the field experiment can be repeated as often as required. This makes it possible to easily compare the data with that of other projects or to combine it with data genera ted by the simulator. The thesis also highlights some difficulties that may occure during the analysis and execution of field experiments.
2018
Completed
Performance Comparision of Packet Schemes for Mutually Hidden Messages
Supervisor:
Max Maass
2018
Separation of Channel Coefficients with Deep Neural Networks
Supervisor:
Robin Klose
Motivation
The separation of channel coefficients is a time-consuming operation. In this thesis project, we are going to explore the suitability of deep neural networks (DNNs) to speed up a specific PHY-related optimization task
Goal
The goal of this project is to explore the suitability of DNNs to separate channel coefficients. The project main goals are:
Research the literature about uses of DNNs in other optimization problems
Explore suitable DNN configurations for the envisioned task
Evaluate the DNN's performance in terms of accuracy and speed
2018
Completed
Analyzing Vulnerability and Privacy Data from the PrivacyScore platform
Supervisor:
Max Maass
Motivation
Every day new cyber security vulnerabilities are discovered and reported, which indicate weak security standards adapted by websites. The main aim of a hacker is to steal sensitive information by exploiting these vulnerabilities. The information and data compromised can be very costly and damaging for an organization. Hence, due to ever evolving tactics of the hackers and the changing cyber threat landscape, it is very important for an organization to be aware of the security vulnerabilities.
Until now, most of the work which is done allows to discover the vulnerabilities in web applications and anticipate the vulnerabilities exploits. Different techniques are used in this regard, including machine learning, evaluating inter-module relationships, and application of data analytics. All of these approaches have a common goal, which is to discover existing and new vulnerabilities and predict them for future. Some solutions consider evaluating the application code by performing static or dynamic analysis and finding vulnerabilities. However, a very critical question in this whole scenario arises, as to what we can do after a vulnerability is discovered? How to find similar vulnerabilities in the system and share this information with others for proactive resolution of the vulnerabilities? In this regard, data analysis of security vulnerabilities can provide a wealth of information. It can provide efficient vulnerability assessment by analyzing the existing vulnerability data
2018
Completed
Privacy als Wettbewerbsfaktor? Analyse der Reaktionen von Unternehmen auf Privacy-Score-Bewertungen
Supervisor:
Max Maass
2018
Completed
NEAT-TCP: Generation of TCP Congestion Control through Neuroevolution of Augmenting Topologies for Wireless Multi-Hop Networks
Supervisor:
Robin Klose
Motivation
TCP performance in wireless multi-hop networks (WMNs) is hard to achieve due to losses on the wireless channel, interferences and limited resources at individual nodes. Recent research has proposed a simple neural network (NN) structure with one input layer, two hidden layers, and one output layer that efficiently applies congestion control and that results in significant performance improvements compared to conventional TCP variants [1].
Further, NeuroEvolution of Augmenting Topologies (NEAT) is a method based on evolutionary algorithms that can outperform fixed-topology NNs in reinforcement learning tasks. We expect that NEAT may improve the performance of manually crafted NNs like iTCP even further.
Goal
The goal of this project is to assess the ability of NEAT to further improve the performance of an iTCP-based congestion control algorithm in the context of WMNs. The project main goals are:
Implement iTCP in a network simulation environment (ns-3)
Use NEAT to generate a modified NN structure for congestion control
Compare the performance of the modified congestion control to the initial iTCP-based version
[1] A. B. M. Alim Al Islam and Vijay Raghunathan, “iTCP: an intelligent TCP with neural network based end-to-end congestion control for ad-hoc multi-hop wireless mesh networks”, Wireless Networks, Volume 21, Issue 2, pp. 581–610, February 2015. doi: 10.1007/s11276-014-0799-6
[2] Kenneth O. Stanley and Risto Miikkulainen, “Evolving Neural Networks through Augmenting Topologies”, Evolutionary Computation 10:2, pp. 99-127, MIT Press, 2002. doi: 10.1162/106365602320169811
2018
Completed
Implementing a WiFi Jammer on a Raspberry Pi
Supervisor:
Matthias Schulz
2018
Completed
Experimental Evaluation on Inband Device-to-Device Communication in LTE
Supervisor:
Arash Asadi
2018
Completed
Practical Broadcast Tree Construction with Potential Game for Energy-Efficient Data Dissemination in Ad-Hoc Networks
Supervisor:
Robin Klose
Motivation
This project addresses the problem of energy-efficient data dissemination from a source node to all other nodes in a wireless multi-hop network. Mahdi Mousavi et al. from the Communications Engineering Lab at TU Darmstadt have devised a decentralized algorithm towards this goal that is based on game theory [1]. While simulation results have shown that this mechanism significantly outperforms other conventional flooding mechanisms, its practical applicability still remains unexplored.
Goal
The goal of this thesis project is to design a practical protocol that runs the game theoretical algorithm in [1] and to evaluate its performance in a network simulation environment. The project main goals are:
Analyze the game theoretical algorithm [1] for limiting assumptions
Devise a practical protocol for broadcast tree construction that is based on [1]
Implement this protocol in a simulation environment (ns-3)
Evaluate the energy efficiency of the constructed broadcast tree in comparison to conventional flooding techniques while taking the protocol overhead into account
[1] Mahdi Mousavi, Hussein Al-Shatri, Matthias Wichtlhuber, David Hausheer and Anja Klein, “Energy-Efficient Data Dissemination in Ad Hoc Networks: Mechanism Design with Potential Game”, 2015 International Symposium on Wireless Communication Systems (ISWCS), Brussels, 2015, pp. 616-620. doi: 10.1109/ISWCS.2015.7454421
2018
Completed
Using Physical Unclonable Functions (PUFs) for Data-Link Layer Authenticity Verification to Mitigate Attacks on IEEE 802.11ad Beam Training
Supervisor:
Daniel Steinmetzer
2018
Completed
Practical Defense Against Pollution Attacks in Network Coding-based Systems
Supervisor:
Milan Stute
Motivation
Network Coding has many positives properties that make it especially suitable for Wireless Multihop Networks [1]. Network Coding can be used to increase the effective capacity of the network, by coding (simplest form: bit-wise XOR) together packets of different flows and forwarding them in a single broadcast transmission to their intended receivers, e.g., [2]. It can also be used within a single flow to improve forward error correction (FEC) and, thus, increase transmission reliability, e.g., [3]. Unfortunately, systems based on Network Coding are easy targets for a number of attacks, and even easier to disrupt than protocols based on traditional forwarding [4].
Goal
In this thesis, you will familiarize yourself with the concept of Network Coding and analyize potential threats to both inter- and intra-flow Network Coding. Based on this, you will design and implement practical security measures. The design should then be validated against a number of different attacks.
2018
Completed
Experimental Evaluation of Mobile Attacks on Ad hoc Routing Protocols
Supervisor:
Milan Stute
2018
Completed
Testing the Efficacy of Vulnerability Disclosure over different Channels
Supervisor:
Max Maass
2018
Completed
Sicherheit funkferngesteuerter Rangierlokomotiven
Supervisor:
Jiska Classen
2018
Completed
Security Analysis and Firmware Modification of Fitbit Fitness Trackers
Supervisor:
Jiska Classen
2018
Completed
InternalBlue - A Bluetooth Experimentation Framework Based on Mobile Device Reverse Engineering
Supervisor:
Matthias Schulz
Jiska Classen
2018
Completed
Angriffsanalyse einer TETRA-Basisstation
Supervisor:
Jiska Classen
2018
Completed
Analysing and Evaluating Interface, Communication, and Web Security in Productive IoT Ecosystems
Supervisor:
Jiska Classen
Max Maass
2017
Completed
Reverse Engineering the Apple Auto Unlock Protocol
Supervisor:
Matthias Schulz
2017
Completed
Estimating Global MANET Metrics Based on Locally Observed Information
Supervisor:
Robin Klose
Motivation
Knowledge of global network state is crucial for several innovative network optimization techniques. Essentially, incorporating knowledge about the overall network state into locally made decisions at decentralized nodes might improve the overall network performance. A node might for instance perform transitions between network mechanisms that are optimized for certain network conditions. However, an individual node's scope of the network is limited in practice since it is able to overhear the wireless channel only locally, and explicit notification about global network state would result in large overhead. Therefore, we seek to extend a node's view into the network by means of machine learning techniques.
Goal
The goal of this thesis is to estimate global metrics of a mobile ad-hoc network (MANET) by means of locally overheard information in a network simulation environment.
Literature review: Identify network optimization techniques that rely on global network knowledge and extract their requirements.
Define metrics: Make a list of global network properties that should be classified or estimated.
Identification of features: Identify potential features that can be obtained by traffic monitoring. Features that comprise relevant information about distant nodes might for instance be obtained by inspecting packet headers of the higher layers (e.g., network layer and transport layer).
Feature engineering and machine learning: Select and engineer features that can be obtained by overhearing the wireless channel.
Implementation: Run experiments with the ns-3 network simulator and evaluate the estimator's performance.
2017
Completed
Self-Replicating Malware for Wi-Fi Chips
Supervisor:
Matthias Schulz
2017
Completed
Understanding the Apple Auto Unlock Protocol
Supervisor:
Milan Stute
Description
Abstract of final thesis:
The Apple Watch provides the ability to automatically unlock a device running macOS when in proximity. The underlying proprietary protocol is called Auto Unlock (AU) and differs from other smart locking techniques. It uses a combination of two wireless technologies: Bluetooth Low Energy (BLE) and IEEE 802.11, to facilitate secure proximity detection. In this work we analyze the protocol by using reverse engineering and dynamic debugging. We show that AU uses both standardized protocols as well as proprietary techniques to implement a secure distance bounding protocol. With this knowledge, we discuss attack vectors and conduct a successful Man-in-the-Middle (MitM) attack on the protocol. Furthermore, we provide a starting point to allow implementations on other platforms by specifying the protocol and establish the foundation for further attacks.
2017
Completed
Investigating practical man-in-the-middle network attacks on IEEE 802.11 ad
Supervisor:
Daniel Steinmetzer
2017
Completed
Wi-Fi based Covert Channels on Android Smartphones
Supervisor:
Matthias Schulz
2017
Completed
Evaluation of Latency Reduction Techniques for 5th Generation Mobile Network
Supervisor:
Arash Asadi
2017
Completed
Extension of the Open Visible Light Communication Driver for Linux
2017
Completed
ACE security profiles for the IoT
2017
Completed
Securing SCADA Protocols
2017
Completed
OAuth 2.0 for IoT: IPsec channel establishment and authorized resource access in the IoT
Supervisor:
Max Maass
To secure the Internet of Things (IoT) while keeping its interoperability with today’s Internet is crucial to unleash the full potential of the IoT. Authentication and Authorization are fundamental guarantees to enable further security and operational challenges. To fulfill these guarantees in complex and diverse scenarios, we propose a solution based on the Authentication and Authorization for Constrained Environments (ACE) Framework, a token-based authorization, and authorization. Our solution, the IPsec profile for ACE, builds on the IPsec protocol suite and the Internet Engineering Task Force (IETF) IoT stack to provide network layer security and IPsec channel establishment based on token provisioning for constrained devices. The Direct Provisioning (DP) of Security Association (SA), symmetric-based authenticated establishment (Internet Key Exchange Protocol version 2 (IKEv2) in Pre-Shared Key (PSK) mode), and asymmetric key-based authenticated establishment (IKEv2 in Certificate-based Public Key (CPK) mode) are specified as ways to establish SAs, i.e., IPsec channels. We provide an implementation for Contiki, an Operating System (OS) for constrained devices such as the Zolertia Firefly. Furthermore, we evaluate our protocol design providing an lower bound for the performance of the profile. The evaluation includes network latency and processing time, energy consumption, memory footprint and packet sizes for the different SA establishment methods. The results provide a benchmark for the different protocol steps as well as aggregated measures for each of the evaluated setups. Our evaluation showed that the DP establishment has the smallest memory footprint and ACE packet size, and at the same time the highest performance. In the other hand, the authenticated establishment featuring IKEv2 in CPK mode, shows the largest memory footprint and packet size, together with the lowest performance of the three SA establishment methods. The trade-off regarding Random Access Memory (RAM) and Read-Only Memory (ROM) footprint, power consumption and network latency and processing time and security guarantees are also described.
2017
Completed
Reverse Engineering the Apple Wireless Direct Link Protocol
Supervisor:
Milan Stute
Flor Maria Alvarez Zurita
Apple Wireless Direct Link (AWDL) is a proprietary and undocumented 802.11 based peer-to-peer protocol. It is implemented in all of Apple's operating systems. In this thesis a reverse engineering method using binary analysis complemented by runtime analysis with traces and logs was applied. We found that each device in AWDL provides its own channel sequence. An elected master node is used to synchronize these sequences. Outside these windows of time, devices can use their wireless radio for other protocols or save energy by turning it off. Each node adapts its channel sequence, e.g. depending on network load, shifting the ratio between infrastructure and peer-to-peer Wi-Fi. This thesis also provides a first analysis of AWDL, includes the frame format documentation and presents a Wireshark dissector and a prototype implementation for AWDL.
2017
Completed
Collide, Collate, Collect: Recognizing Senders in Wireless Collisions
Supervisor:
Robin Klose
Description
With wireless mobile IEEE 802.11a/g networks, collisions are currently inevitable despite effective counter measures. This work proposes an approach to detect the MAC addresses of transmitting stations in case of a collision, and measures its practical feasibility. Recognizing senders using cross-correlation in the time domain worked surprisingly well in simulations using Additive White Gaussian Noise (AWGN) and standard Matlab channel models.
Real-world experiments using software-defined radios also showed promising results in spite of decreased accuracy due to channel effects. During the experiments, various Modulation and Coding Schemes (MCSs) and scrambler initialization values were compared. Knowledge about which senders were transmitting leading up to a collision could help develop new improvements to the 802.11 MAC coordination function, or serve as a feature for learning-based algorithms.
Motivation
Collisions on wireless networks most likely lead to packet losses. Current network protocols typically recover from these situations by retransmissions. In doing so, the overall network capacity is reduced and the network delay increases with the amount and duration of collisions. However, collided frames may still reveal valuable information that might be suitable for advanced protocol designs.
Goal
Detect frame alignments of collided frames at the PHY.
Devise techniques to detect known data, such as MAC header fields.
Analyze real network scenarios with respect to collisions, classify observed events (e.g., pairs of hidden terminals) and generate statistics.
2017
Completed
Decompilation and Automated Analysis of b43 Assembly Code used in Broadcom WiFi Chips
2017
Completed
Practical use of network coding to sustain robustness in secure mobile ad hoc communication
2017
Completed
Neighbor Discovery and Maintenance under Mobility in mmWave-based Mesh Networks
Supervisor:
Daniel Steinmetzer
Milan Stute
2017
Completed
Secure localization and distance bounding with IEEE 802.11
Supervisor:
Matthias Schulz
2017
Completed
Modification of LTE firmwares on Smartphones
2017
Completed
Implementation of a Contextual Framework for Secure Device Pairing Methods on Android
Supervisor:
Mikhail Fomichev
Motivation
With the proliferation of numerous personal gadgets and smart devices, device pairing has become prominent in introducing security to such a diverse environment. Clearly, the process of secure device pairing is much more ambiguous than previously thought. This stems from the fact that there is no coherent vision of the pairing problem among the research community. To this end, we see that there is a plethora of various pairing protocols that have been proposed many of which are insecure or fail to work in practice. Clearly, there is no single winner in a device pairing race.
Goal
Correspondingly, one solution to such a problem is to support several pairing methods. However, from a user prospective this may create an additional burden. On top of that, some pairing protocols may be less appropriate security‐wise in certain scenarios. For instance, if a paring method relies on audio but is used in a noisy environment, this creates an additional attack vector or causes reliability issues. Another example are visual paring techniques used in a public place, which can be subject to shoulder surfing.
Overall, in this thesis you will research which contextual information that can be gathered by a modern smartphone can augment in secure device pairing. We already have a working Android implementation which performs different methods of device pairing.
More specifically, your task is to identify which factors can be potentially hazardous or beneficial for a certain pairing method in a particular scenario. The context that we are going to incorporate includes both the environmental information as well as the user input (feedback, preferences, etc.). Hence, you'll take measurements on the smartphone to rate the environmental information, and perform a small user study (20-30 users) on the device pairing usability.
2017
Completed
Design, Implementation and Evaluation of a Privacy-preserving Framework for Trust Inference on Android
Supervisor:
Mikhail Fomichev
2017
Completed
Nexman-based Wireless Penetration Testing Suite for Android
Supervisor:
Matthias Schulz
2017
Completed
Design, Implementation and Evaluation of Realistic Scenarios and Movement Models for Natural Disasters Using Simulations for Delay Tolerant Networks
Supervisor:
Milan Stute
Max Maass
Description
Seeing the continuous increase in natural disasters around the world, many people are contemplating how to contribute helping those in need. Among them are several computer scientists who fulfil their share by developing technology which enables fast and reliable communication in disaster areas. We were inspired by their work and thus wanted to further improve the state-of-the-art. DTN is a specific technology which can be used for the creation of alternative networks in disaster areas, where conventional ones are unavailable due to the inevitable destructions implied by the disaster. Given that such technology is usually evaluated within network simulators we exclusively focus on improving the state-of-the-art of movement models and scenarios utilized within such simulators. The very random driven, and thus not realistic, state-of-the-art is improved by our contribution in the form of a fully designed, implemented, and evaluated realistic natural disaster movement model with underlying scenarios. The results of our evaluation indicate that previously published results might be too optimistic. Thus, further approximations to reality are inevitable for more accurate simulation of DTN, in the goal to ultimately obtain better and more realistic results.
2017
Completed
TETRA Security Analysis by Fuzzing
Supervisor:
Jiska Classen
2017
Completed
Improving a Linux Device Driver for Visible Light Communication
Supervisor:
Jiska Classen
2017
Completed
Implementierung des unteren MAC-Layers für die OpenVLC Hardware
Supervisor:
Jiska Classen
2017
Completed
Implementation of a Physical Layer for Visible Light Communication using the OpenVLC platform
Supervisor:
Jiska Classen
2017
Completed
Detecting WiFi Covert Channels
Supervisor:
Jiska Classen
2017
Completed
Design and Evaluation of a Hybrid SDR Testbed For Visible Light Communication and Wi-Fi
Supervisor:
Jiska Classen
2017
Completed
Absicherung von SCADA-Protokollen
Supervisor:
Jiska Classen
2016
Completed
A Framework for Adaptive Energy-efficient Neighbour Discovery in Oppertunistic Networks
Supervisor:
Flor Maria Alvarez Zurita
2016
Completed
Implementation of infrastructureless BFPSI on Android
2016
In progress
60 GHz Millimeter Wave Medium Access Control
Supervisor:
Allyson Sim
Description
The state-of-the art of the channel access sharing in millimeter-wave and non-millimeter wave communications.
Define the challenges that are important to have an optimal sharing between medium access.
Development of a simulation tool or a simple test-bed to analyze the result of the proposed technique.
Motivation
Due to the limitation of bandwidth at the lower frequency band and extreme increase in the demand for high quality multimedia content transmission, 60 GHz serves a key solution to this problem. Further, 60 GHz is foreseen to be the upcoming frequency for Wifi networks. However, there are many interesting challenges for medium access due to the unique propagation at this frequency.
Vision
This project is aimed to find out the solution to the sharing the different medium accesses techniques based on the data traffic.
2016
In progress
Concurrent transmission D2D millimeter-wave
Supervisor:
Allyson Sim
Motivation
Directional transmission used for millimeter wave communication arises many challenges. However, extreme spatial sharing of the millimeter wave spectrum boost the throughput per area by a significant amount. The increase in per area throughput is nevertheless still an open research!
Goal
Literature review on the existing concurrent wireless transmission in microwave and millimeter wave.
Identify the challenges of concurrent transmission using millimeter wave.
New contribution
Propose possible ways to solve the problem found
OR
Evaluation of concurrent transmission using off-the-shelf devices.
2016
Completed
Secure Context Migration between IEEE 802.11 Networks
Supervisor:
Marc Werner
2016
Completed
Probe request tracking in WiFi firmware
Supervisor:
Matthias Schulz
2016
Completed
Reactive, Smaratphone-based Jammer for IEEE 802.11 Networks
2016
Completed
Secure key exchange protocol for a group communication during emergency responses
Supervisor:
Flor Maria Alvarez Zurita
2016
Completed
Utilizing Secure Elements to Establish Authentication in MANETs on Android
2016
Completed
Design and Implementation of a Service-Oriented Architecture for Large-Scale Testbed Management
Supervisor:
Marc Werner
Description
Wireless Multihop Network testbeds are often distributed over large physical areas and have many devices which renders management challenging. A multitude of diverse frameworks are available to assist in the management of such testbeds. Properties like scalability, heterogeneous hardware support and effortless testbed configuration are a self-evident goal for these frameworks. However, this combination is hard to achieve and the exact requirements vary for different testbeds. Instead of providing a completely new and tailored experimentation framework, I propose Panopticon, a service oriented management framework, providing a lower layer to intercept and improve existing functionality. It slices large, distributed testbeds into dynamically sized subunits, offering a granular choice in testbed experimentation frameworks for every slice. Such an exper- imentation framework can be selected regarding the exact experiment’s requirements and not as a compromise between all available testbed components. Panopticon’s list of services can be extended, offering simple entry points for new, custom implementations. It is a framework federating network enabled infrastructures.
2016
Completed
Energy efficient WiFi analysis framework on smartphones
Supervisor:
Milan Stute
2016
Completed
Unified Multi-modal Secure Device Pairing for Infrastructure and Ad-hoc Networks Bachelor Thesis
Supervisor:
Daniel Steinmetzer
Motivation
Todays technologies heavily rely on wireless communications. Our mobile devices connect to infrastructure devices such as wireless routers, perform ad-hoc connections among each other and connect to peripheral devices such as smart watches, fitness tracker and headsets. However, since security is essential in most application scenarios, authentication is a big challenge. To join a wireless network pre-shared credentials are required. Pairing in proximity via bluetooth requires the same pin to be entered on both devices. This proceeding is inconvenient and differs for different kinds of devices. Although, user-friendly and secure pairing mechanisms utilizing multi-modal technologies are proposed, no unified solution exists, yet.
Goal
In this thesis you elaborate different kind of pairing mechanism and analyze their security regarding various attacks. You design a unified multi-modal pairing protocol and implement a prototype on Android.
Your protocol combines pairing strategies over different communication technologies (e.g. WiFi, Bluetooth, NFC, sound, light) and selects a suitable subset matching the devices capabilities. Since some strategies are easier to intercept than others, your protocol attests the paring procedure for retrospective trust estimation in application context. With your proposal we show that a unified multi-modal paring is feasible for both infrastructure and ad-hoc networks with flexible security requirements.
2016
Completed
Unified Multi-Modal Device Pairing in Infrastructure and Ad-hoc networks
Supervisor:
Daniel Steinmetzer
2016
Completed
A Systemfor Privacy-Preserving Mobile Health and Fitness Data Sharing: Design, Implementation and Evaluation
2016
Completed
Reverse Engineering Apple's Multipeer Connectivity Framework and Implementation on the Android platform
Supervisor:
Matthias Schulz
2016
Completed
Enabling Seamless Transitions betweegn Cyrptographically Secured
Supervisor:
Marc Werner
2016
Completed
TETRA Fuzzing
Supervisor:
Jiska Classen
2016
Completed
Location Privacy of Digital Trunked Radio
Supervisor:
Jiska Classen
Robin Klose
2015
Completed
Infecting the Wire: Wireless Eavesdropping, Packet Injection and Reactive Jamming on Wired 10Base-T IEEE 802.3 Ehternet Networks
2015
Completed
Privacy and anonymity risks on Android
2015
Completed
Performance evaluation of an anonymous communication system on a mobile device
2015
Completed
Implementation and Evaluation of PUF-based Cryptographic Kex Generation Schemes on FPGA
2015
Completed
Design and Evaluation of a supervised machine learning based Intrusion Detection System for WSN
Supervisor:
Michael Riecker
2015
Completed
Securing Efficient Network Flooding and Time Synchronization for Ultra-Low Latency Communication in Wireless Sensor Networks
2015
Completed
Design and Implementation of lichtweight attestation for embedded systems
2015
Completed
Intrusion Detection using Data Mining
2015
Completed
Audio-based Covert Channels on Smartphones
2015
Completed
Wireless Eavesdropping and Pocket Injection in Ethernet Networks
Supervisor:
Matthias Schulz
2015
Completed
Secure Transitions
Supervisor:
Marc Werner
2015
Completed
Design, Implementation and Evaluation of a System Information Service
2014
Completed
Measuring the Impact of Denial of Service Attacks on Wireless Sensor
2014
Completed
Protecting User Privacy by Learning from Mobile Communication Data
2014
Completed
Design, Integration and Evaluation of Real-time Notifications
2014
Completed
Network ID: Self-Provisioning Service Proxy
Supervisor:
Marc Werner
2014
Completed
Let's go WARP: Integrating the Click Modular Router and the Wireless Open-Access Research Platform
Supervisor:
Matthias Schulz
2014
Completed
Delay-tolerant routing for emergency networks
Supervisor:
Michael Noisternig
2014
Completed
Signal Pre-Processing in a Physical Layer Based Key Management System for Wireless Communications
2014
Completed
Statistically analysing the Impact of
Supervisor:
Michael Riecker
2014
Completed
Security Analysis of Physical Layor Key Exchange Mechanism
2014
Completed
Implementation and Detection of culluding injection attacks by means of active probing
2014
Completed
Decentralized Privacy-preserving Location Mechanism
Supervisor:
Delphine Christin, Jun.-Prof. Dr-Ing.
2014
Completed
Corridor Building in Wireless Multihop Networks
2014
Completed
Outlier Detection in Wireless Sensor Networks
Supervisor:
Michael Riecker
2014
Completed
Realtime aggregation and spatial visualization of emergency messages
2013
Completed
Security Mechanisms for Emergency Response Networks
2013
Completed
Design, Implementation and Evaluation of Incentive Schemes for Mobile Sensing Applications
Supervisor:
Delphine Christin, Jun.-Prof. Dr-Ing.
2013
Completed
Physical layer path signatures for wireless multihop networks
2013
Completed
Improving of the detection mechanism of an open-source intrusion detection system
Supervisor:
Rodrigo do Carmo
2013
Completed
Practical Physical Layer Security in MIMO Systems using Software Defined Radios
2013
Completed
Implementation of a cross-layer technique for an OFDM-based Wiresell Mesh Network
2013
Completed
Geographic Routing Based on Physical Layer Information for Wireless Multihop Networks
2012
Completed
Performance-based Intrusion Detection in Wireless Sensor Networks
Supervisor:
Michael Riecker
2012
Completed
Mobile Phones as Sensors for Intrusion Detection in Wireless Mesh Networks
2012
Completed
Secure Modular Protokolls for Wireless Multihop Networks
2012
Completed
Implementation and Evaluation of Opportunistic Mobile Ad Hoc Networks
Supervisor:
Delphine Christin, Jun.-Prof. Dr-Ing.
2012
Completed
Design, Implementation, and Evaluation of User Interfaces for Decentralized Privacy-Preserving Mechanisms
Supervisor:
Delphine Christin, Jun.-Prof. Dr-Ing.
2012
Completed
Towards Strong Anonymity in Delay-Tolerant Networks
2012
Completed
Increasing Privacy Awareness through Intuitive Interfaces for Participatory Sensing Applications
Supervisor:
Delphine Christin, Jun.-Prof. Dr-Ing.
2012
Completed
Methods for Trust Assessment in Participatory Sensing Scenarios
Supervisor:
Delphine Christin, Jun.-Prof. Dr-Ing.
2012
Completed
Secure Monitoring of Wireless Sensor Networks
Supervisor:
Michael Riecker
Dingwen Yuan
2012
Completed
On the Efficiency of Privacy-preserving Path Hiding for Participatory Sensing Applications
Supervisor:
Delphine Christin, Jun.-Prof. Dr-Ing.
2012
Completed
Dynamic Subchannel Allocation in OFDMA-Based Wireless Mesh Networks
2012
Completed
Decentralized Trust Models for Participatory Sensing
Supervisor:
Delphine Christin, Jun.-Prof. Dr-Ing.
2011
Completed
Privacy-aware Tasking for Participatory Sensing Applications
Supervisor:
Delphine Christin, Jun.-Prof. Dr-Ing.
Dr. N. Repp
2011
Completed
Machine Learning-based Anomaly Detection in Wireless Sensor Networks
Supervisor:
Michael Riecker
2011
Completed
A Framework for Privacy Metrics in Participatory Sensing Scenarios
Supervisor:
Delphine Christin, Jun.-Prof. Dr-Ing.
2011
Completed
Improving Link Quality in Wireless Sensor Networks
2011
Completed
Generation, Distribution and Verification of Sensor-based Credentials for Participatory Sensing Scenarios
Supervisor:
Delphine Christin, Jun.-Prof. Dr-Ing.
2011
Completed
Methods to Identify and Classify Social Links: Design and Implementation
Supervisor:
Delphine Christin, Jun.-Prof. Dr-Ing.
2011
Completed
Implementation and Evaluation of a Mechanism to Preserve Location Privacy in Participatory Sensing Scenarios
Supervisor:
Delphine Christin, Jun.-Prof. Dr-Ing.
2011
Completed
Anonymity and Reputation in Participatory Sensing
Supervisor:
Delphine Christin, Jun.-Prof. Dr-Ing.
2011
Completed
Security Solutions for Geographic Routing in Wireless Multihop Networks
2011
Completed
Realization of a Testbed and Analysis of Attacks against Routing Mechanisms in Mobile Ad hoc Networks
2010
Completed
Mitigating Attacks on IEEE 802.11s Security Mechanisms
2010
Completed
Fine-gained Access Control Enabling Privacy Support in Participatory Sensing
Supervisor:
Delphine Christin, Jun.-Prof. Dr-Ing.