Open Theses

18 Entries found


Implementing an LLVM backend for Broadcom's D11 core

Bachelor Thesis, Master Thesis, Diploma Thesis, Student Research Project

Wi-Fi based Key Exchange on Android Smartphones

Bachelor Thesis, Master Thesis, Diploma Thesis, Student Research Project

Open Sesame? Security Analysis of Auto Unlock using Apple Watch

Bachelor Thesis, Master Thesis, Diploma Thesis

With their current operating systems, a Mac can be unlocked automatically by a paired Apple Watch. The Auto Unlock protocol relies on Bluetooth and on Apple's proprietary Wi-Fi extension known as Apple Wireless Direct Link (AWDL), which is currently being reverse engineered in our group.

Your job is to find out more about the inner workings of the protocol and to assess the security properties of the system, for example, whether it is possible to mount a wormhole (relay) attack that allows an adversary to unlock the computer remotely.

TETRA Security

Bachelor Thesis, Master Thesis, Diploma Thesis

We have a basic fuzzing framework for TETRA, a digital trunked radio protocol used by public services. First tests showed that devices implementing this protocol have severe security issues; for example, minor packet modifications are enough to freeze or reboot devices. Since this technology is used by emergency services and large companies, these issues are very critical and hence need to be revealed and fixed.

Disruption-Tolerant Networks (DTNs) can serve as a means of communication in emergency situations when communication infrastructure is unavailable. In DTNs, mobile user devices such as smartphones act as “data mules”: they store, carry and forward messages. Unfortunately, the “storing” part is especially vulnerable to denial-of-service (DoS) attacks, since an attacker can flood the network with bogus messages and thereby replace or purge valid messages from a node’s buffer.

In this thesis, you will implement and evaluate a novel, DoS-resistant buffer management scheme in IBR-DTN [1], a DTN implementation written in C++ that also runs on standard Android smartphones.

[1] IBR-DTN.

CSMA/CD for Wi-Fi

Master Thesis

Carrier Sense Multiple Access with Collision Detection (CSMA/CD) is a technique used in wired networks such as Ethernet (IEEE 802.3) to improve network performance through efficient medium access. When a collision is detected, the colliding nodes abort their transmissions to keep the collision time as short as possible. This improves the utilization of the transmission medium, since less time is spent in collisions and the time between transmission attempts is reduced.

In wireless networks, however, CSMA/CD is generally assumed to be impractical due to the physical characteristics of the wireless channel. The power of a signal degrades by orders of magnitude on its way from transmitter to receiver due to free-space path loss and propagation effects such as attenuation and reflections. Therefore, even if a transmitter were equipped with a separate receive antenna, its own transmission would typically drown out the weak signals of other transmitters, making their detection impossible. Nevertheless, recent research has demonstrated that self-interference cancellation techniques have become feasible, which allows the design of full-duplex radios [1]. This might be the key to designing CSMA/CD for IEEE 802.11-based networks, allowing for enhanced network performance under high load [2].

[1] Mayank Jain, Jung Il Choi, Taemin Kim, Dinesh Bharadia, Siddharth Seth, Kannan Srinivasan, Philip Levis, Sachin Katti, and Prasun Sinha. "Practical, Real-Time, Full Duplex Wireless", 17th Annual International Conference on Mobile Computing and Networking (ACM MobiCom '11), Las Vegas, Nevada, USA, 2011, pp. 301-312.
[2] Konstantinos Voulgaris, Athanasios Gkelias, Imran Ashraf, Mischa Dohler, and A. H. Aghvami. "Throughput Analysis of Wireless CSMA/CD for a Finite User Population", IEEE Vehicular Technology Conference, Montreal, Quebec, Canada, 2006, pp. 1-5.

Knowledge of the global network state is crucial for several innovative network optimization techniques. However, these techniques are often evaluated in simulation environments that grant individual nodes omniscient knowledge of the network, which is not realistic in practice. An individual node's view of the network is limited, since it can only overhear the wireless channel locally, and explicit notification about the global network state would cause large overhead.

In this thesis project, you are going to engineer features and learning algorithms that allow nodes to gain knowledge about distant parts of the network just by overhearing the wireless channel. The difficulty is to identify features that carry valuable information about distant nodes; we believe this might be feasible because multi-hop packet transfers may implicitly reveal how distant nodes interact with the network.

This topic is for you if you are interested in machine learning, wireless networks, and practical experimentation. The project might be co-supervised by another researcher from the collaborative research center MAKI who specializes in topology control, autonomous agents, or machine learning techniques.

Bluetooth allows direct device-to-device communication, for instance between smartphones. Bluetooth Low Energy (BT-LE) in particular was designed to be very energy-efficient. This is why vendors allow Bluetooth operation in the background, which is crucial for Disruption-Tolerant Networks (DTNs): smartphones act as data mules and therefore have to accept new “bundles” as they pass other nodes, without user interaction.

In this thesis, you will first explore whether Bluetooth (Low Energy) is a suitable link layer for ad hoc and disruption-tolerant networks, considering energy efficiency, transmission speed, disruption tolerance, and cross-vendor compatibility.

Finally, you will implement a Bluetooth convergence layer in IBR-DTN [1] to enable DTN communication between (Android) smartphones without infrastructure.

  • BT/BT-LE performance/practicality analysis
    • Energy consumption (scanning, data transmission, …)
    • Transmission speed (1-1, 1-n, …, depending on distance, …)
    • Disruption tolerance (how long does it take for BT to realize that a connection is broken?)
    • Cross-vendor (Android, iOS, …)
  • Implement a BT convergence layer for IBR-DTN [1]
    • Neighbor discovery (energy efficient, …)
    • Data transmission (based on TCPCL?)
Recently, the first consumer hardware supporting wireless communication in the 60 GHz band according to IEEE 802.11ad became available. We are investigating state-of-the-art routers and have obtained firmware-level access to a Wi-Fi chip. Unfortunately, the implemented algorithms are not well documented and need further analysis. In particular, the protocols for beam steering and rate adaptation, the backbone of wireless communication at such high frequencies, are encapsulated in a "black box". In the long term, we aim to adjust parts of these algorithms, establish a practical testbed, and enhance the performance and security of 60 GHz wireless communication. A bachelor or master thesis in this area might investigate specific aspects. Tasks can be, for example:

- develop a low-layer API to control radio and antenna parameters

- integrate efficient sector sweep algorithms for fast link establishment

- investigate low-layer attacks on current systems

- assess the threat of directional jamming

Students should not be afraid of analyzing binary data and disassembly. Experience with IDA Pro is recommended.

Prof. Dr.-Ing. Matthias Hollick

Technische Universität Darmstadt
Department of Computer Science
Secure Mobile Networking Lab

Mornewegstr. 32 (S4/14)
64293 Darmstadt, Germany

Phone: +49 6151 16-25472
Fax: +49 6151 16-25471
