Zur JKU Startseite
Institut für Netzwerke und Sicherheit
Was ist das?

Institute, Schools und andere Einrichtungen oder Angebote haben einen Webauftritt mit eigenen Inhalten und Menüs.

Um die Navigation zu erleichtern, ist hier erkennbar, wo man sich gerade befindet.

Themen für Masterarbeiten.

Themen für Master's Thesis Seminar und Project in Network and Security

  • Verifiable builds and hosting of secure messaging apps

Abstract: Secure, private, end-to-end encrypted messaging apps like Signal or Wire are available as open source, but typically installed in binary form through the various app stores. This Master project/thesis has the main goal of evaluating multiple open source messaging apps in terms of reproducibility and/or verifiability of the apps, and, if possible, the server side code. The motivation is to ascertain that app binaries were not modified - e.g., during transmission or because the organizations or app stores were legally compelled to do so. An ideal outcome is a virtual machine setup that automatically re-builds new versions of apps when new source versions are released and to compare with the publicly distributed binaries, potentially flagging any differences through a web page or adding them to a public transparency log if they are verified to be equal. Additionally, server side code for the respective app should be hosted in another virtual machine as alternative instances for the apps to connect to: both for experimentation purposes and in case any of these messaging apps become unavailable in this region, e.g., because of legal limitations caused by future Chatcontrol regulation.

Kontakt:
Rene Mayrhofer

 

  • Comparison of Firewall Rulesets in OpnSense, OpenWRT, and RouterOS

The aim of this project is to take an exemplary firewall rule set defined for the OpnSense firewall (using FreeBSD PF as the basis) and duplicate as many details as possible in a current OpenWRT (using the Linux netfilter based fw4 system) and RouterOS (with Mikrotik RouterOS CLI translating to Linux iptables rules). Based on this example, the main differences should be documented as findings for advantages/disadvantages of the respective systems. The example rule set should include multiple (VLAN) interfaces, a mix of IPv4 and IPv6 hosts and rules, different layer 4 protocols, and some special cases like multicast packet handling. A complete example with these aspects will be made available as part of the task.
It is possible to extend this project towards a Master's thesis by including additional aspects such as comparative performance analysis, integration with VPN tunnels and dynamic routing, software mitigations for security relevant bugs in the respective kernels and network stacks, etc.

Kontakt:
Rene Mayrhofer
Michael Roland
Michael Sonntag

 

  • Ingest probable location data using a Large Language Model

In the CDL Digidow (digidow.eu) ecosystem, users have complete control over their Personal Identity Agent (PIA), which can perform tasks, such as unlocking doors based on data gathered from sensors in the surrounding environment.
One aspect of securing this system is that the PIA should be aware of their user's current activities, so it can judge if the person in front of the door might actually be an impostor.

Two potential digital sources of such information, to take into account are the user's email account and calendar.
The goal of this project is live-scanning this data, extracting relevant information like booked trains, flights, hotels, or other appointments, and outputting any identified events to the PIA's location model.

You should use techniques like prompt engineering and agent-based approaches (no training or long-running fine-tuning) with existing local LLMs.
You should expect to write some regular code in a reasonable language of your choice to continuously ingest input and forward the LLMs outputs.
Your solution should maintain a list of detected future events, in an agreed-upon format, which the LLM can update and the location model can consume.

Kontakt:
Rene Mayrhofer
Martin Schwaighofer

 

  • DEPS Project - Problem A

Problem description:
Industrial-scale reverse engineering is a big problem, with estimated losses for the industry at 6,4 billion dollars in 2022 in Germany alone. A closer look at the problem shows that typically the main effort needed to steal the intellectual property of companies producing machines controlled by software, resides on replicating hardware, since software can often be copied verbatim with no reverse engineering effort required.

Approach:
In DEPS we aim to change this status quo by means of a novel copy protection mechanism that “glues” a program P to a specific machine M. More concretely, we propose to subtly change P into a (reflective) program P ′ which will turn itself into P at run time, only if it is run in the target machine M. If P ′ is executed in a machine M′ other than M (even if M′ is a clone of M), it will then behave incorrectly, i.e., differently than P. Clearly, for this approach to work, the changes that P ′ needs to make to its code to become P at run time need to be well protected. This can be achieved by making these changes dependent on physically unclonable properties of the target machine M, via a physically unclonable function (PUF).

Task:
We would like you to work with us in a proof of concept of this novel protection mechanism, developing a prototype application of the protection applied to an example program P that controls a critical functions of a track tamping machine produced by our company partner Plasser & Theurer. The task is to implement the described protection mechanisms using reflection (i.e., self-modifying code) and a provided PUF. We will provide you with a detailed high-level specification of the mechanism and support you to refine it to the required level of abstraction, i.e., to its prototype implementation.

Prerequisites:
If you apply for this project, we expect you to have good programming and problem solving skills, preferably in C and C++.

Contacts at SCCH:
Dr. Flavio Ferrarotti
Univ.-Prof. Dr. Juliana Bowles
Organisatorische Fragen: Rene Mayrhofer

DEPS Project - Problem B:

Problem description:
In man-at-the-end (MATE) software attacks, attackers target assets embedded in software. By means of reverse engineering they try to steal confidential information, such as intellectual property in the form of algorithms. MATE attackers can mount sophisticated attacks, as they can tamper with software and data in their labs, where they have all kinds of software aids, such as debuggers, tracers, emulators, and customized operating systems; and hardware aids such as developer boards with (JTAG-based) hardware debuggers. Software protection techniques developed in our project DEPS transforms code to prevent situations where MATE attackers can steals the intellectual property of companies producing machines controlled by software. In the current industrial landscape, attackers concentrate their effort on replicating hardware, since the software components can usually be copied verbatim with no or very little reverse engineering effort required. Industrial-scale reverse engineering is a big problem, with estimated losses for the industry at 6,4 billion dollars in 2022 in Germany alone.

Task:
We want to evaluate thoroughly the protection mechanism developed in DEPS by modelling the most relevant relations between:

  1. (i) assets, 
  2. (ii) the software those assets are embedded in, 
  3. (iii) deployed protections, 
  4. (iv) individual attack steps and tools and methods to perform attacks on those protections and on the assets,
  5. (v) possible paths of attack that start from scratch and through which attackers can reach their ultimate reverse-engineering end goal, i.e., stealing the original asset.

For that, we propose to adapt and instantiate the meta-model for software protections and reverse engineering attacks proposed in https://www.sciencedirect.com/science/article/abs/pii/S0164121218302838, öffnet eine externe URL in einem neuen Fenster with the specific DEPS protection approaches, protection goals and reverse engineering attacks applicable to our case studies, building a Knowledge Base to perform risk analysis.  

Prerequisites: Solid knowledge of software security fundamentals. Knowledge of risk analysis techniques and/or reverse engineering techniques would be ideal.

Contacts at SCCH:
Dr. Flavio Ferrarotti
Univ.-Prof. Dr. Juliana Bowles
Organisatorische Fragen: Rene Mayrhofer
 

  • Evaluating Attack Scenarios against Large Language Models

Abstract: Large Language Models (LLMs) like (Chat)GPT, LLaMA, Alpaca, etc. are currently being evaluated or already being put into use in many new scenarios, including decision-making processes. The aim of this thesis is to experiment with, evaluate, and potentially develop counter-measures to text-based attack scenarios for such LLMs. A starting point are the various (local or cloud hosted) chat based interfaces to interact with such models: by engineering text prompts to explicitly make models misbehave, that is, emit answers that seem counter to the intention of the respective scenario, the thesis should document a first starting set of attacking prompt types. Based on such attack prompts, the next question is how these prompts can be fed into LLM-using systems in specific scenarios, e.g. for filtering resumes of job applicants, preparing reviews of scholarly documents, or summarizing news sources. Potential approaches include hiding the attack prompts in various file formats such as HTML or PDF in a way that human reviewers will not notice the hidden prompts but LLMs acting on those files will receive them as input. Ideally, the thesis will end with a classification of attack prompt classes and injection methods for a starting set of LLM based services. Students interested in this topic should have a basic understanding of how machine learning in general and LLMs in particular as well as a strong interest in working around the usual constraints of a system to "think outside the box".

Kontakt: Rene Mayrhofer

  • Evaluation of FIDO2 security key attestation

[FIDO2](https://fidoalliance.org/fido2/, öffnet eine externe URL in einem neuen Fenster) is a standard for secure privacy-preserving cryptographic login to websites. FIDO2 tokens (or security keys) can be used as second-factor in addition to password-based login or as a standalone authentication token for [passwordless login](https://www.yubico.com/authentication-standards/fido2/, öffnet eine externe URL in einem neuen Fenster). In order for a website to determine if a user's FIDO token is sufficiently trustworthy, tokens implement an [attestation mechanism](https://fidoalliance.org/fido-technotes-the-truth-about-attestation/, öffnet eine externe URL in einem neuen Fenster). The goal of this thesis project is to analyze the capabilities (e.g. supported cryptographic algorithms) of current FIDO2 hardware (and software) tokens and to analyze their attestation mechanisms (particularly in terms of certificate chains).

Kontakt: Michael Roland

  • Evaluation of Tor relay performance

Can the Tor client experience be improved by limiting a Tor client to a subset of the available Tor relays? What criteria would be best suited to select a high-performance subset?
The goal of this thesis is to answer these questions by analyzing the performance differences between Tor relays based on grouping them by publicly available attributes. Possible criteria could include (but are not limited to) the flags they have obtained (e.g. only using stable or fast relays for all connections), the port number they accept connections on, their age, their advertised bandwidth, etc.  

Kontakt: Michael Roland

  • Privacy on Smartphones

Protecting privacy on smartphones has been recognized as a vital factor because portable devices operate nowadays with more and more sensitive personal data (location/geotags, contacts, call history, text messages, photos, physical health, etc.). The goal of this work is to extend the Android Device Security Database (which is more focused on security, see https://www.android-device-security.org/, öffnet eine externe URL in einem neuen Fenster) to privacy attributes and indicators (e.g. privacy policies, user profiling, network traffic analysis, company resolution) for various OEMs/models.

Kontakt: Jan Horacek

  • Anomaly Detection in Cybersecurity

Abstract: Anomaly detection systems (such as ones implemented in EDR or IDS) are very useful tools that help blue teams, e.g., to identify exploitation of zero-day vulnerabilities. They are designed to detect (unusual) malicious activity based on events. The techniques used to find anomalies are very broad - ranging from predefined rules to deep learning methods. Furthermore, the scenarios that are relevant to this topic are quite extensive (LAN security, DDoS, UEBA, DLP, etc.). The thesis should address at least the first three points:

1. Scope: pick a scenario, explain the use cases and create appropriate test data/benchmarks (if they do not exist)
2. Methods: describe detection techniques including the underlying theory that suit the scope defined in 1.
3. Implementation: implement the techniques mentioned in 2. (preferably in python) and compare the performance, discuss the usability
4. Visualization: how to visualize events and anomalies in a system?
5. Research: improve some published results

Kontakt: Jan Horacek

  • Reading machine readable ID documents on Android

Abstract: The goal of this project is to create an open source implementation of an Android app to read and verify data from machine readable ID documents via NFC (such as eMRTD/electronic passport).

Kontakt: Michael Roland

  • Mobile driving license reference implementation

Abstract: The goal of this project is to implement the current standard for mobile driving licenses (ISO/IEC 18013-5) on Android.

Kontakt: Michael Roland

  •  Security analysis of the Linux kernel in Mikrotik RouterOS

Abstract: Mikrotik RouterOS is a Linux kernel based embedded operating system for network routers, switches, access points, etc. While the userspace components are closed source, patches and configuration options for the used Linux kernel are available. The goal of this project is to analyze which security vulnerabilities - especially remotely exploitable ones - are publicly known for the user kernel version and if/how they have been patched. Necessary skills for this project include reading/writing C, reading and applying patches to source code, and compiling and testing native C code.

Kontakt: Rene Mayrhofer

  • Security of e-scooters

TIER, Arolla, Wind, Lime, voi. ... after only two month e-scooters are all over Linz. The idea has been picked up pretty well and even the StVO (traffic rules) is going to be updated to bring (legal) clarity for the use of them. Besides all the positive voices, there is also quite some criticism, mainly about cityscape and safety. Above that, pushing to the market in such a short time frame also has the potential that security considerations have been left behind. Therefore, we are interested in various aspects of e-scooter security and have a few topics for master theses/projects to work on.
 

Kontakt: Michael Roland

  • Tracking of persons through Wi-Fi sniffing

The goal of this project is to passively collect and analyze Wi-Fi (802.11) packets with regard to information that could be used to track or even identify an individual person. In particular, 802.11 management frames, öffnet eine externe URL in einem neuen Fenster such as probe requests seem to broadcast usable information.
As a first step, you need to build an environment to passively collect (sniff) Wi-Fi communication and to extract the relevant data (possibly based on existing open source projects). Using that environment, you will collect and analyze data emitted from various mobile devices (particularly different smartphones, typically carried around in everyones pockets). Finally, you should be able to evaluate if that data could be used to track someone's movements around a building.

Kontakt: Michael Roland

  • Injecting URLs and other data to Smart TVs via DVB-T

The Institute of Networks and Security has software defined radio hardware that should be suitable to create and inject DVB-T signals into receivers such as Smart TVs. The aim of this thesis is to reproduce and potentially extend the work shown in https://www.youtube.com/watch?v=bOJ_8QHX6OA, öffnet eine externe URL in einem neuen Fenster on how injected HbbTV URLs are automatically opened/executed on some Smart TVs to allow a remote code execution.

  • Security analysis of the communication protocol of a MAVIC PRO drone

This project aims to investigate the two communication channels (Wi-Fi and a custom RF) of a commercial drone (http://www.dji.com/mavic?from=v3_landing_page, öffnet eine externe URL in einem neuen Fenster) and analyze the used communication protocol. Using a software defined network and state-of-the-art reverse engineering tools, your goal is to find potential security weaknesses and make suggestions on how to improve the existing protocols.

Kontakt: Rene Mayrhofer

  • Smart home security: preventing privacy leaks with home routers
  • E-Learning System für Websites am Beispiel RIS

Beispiels-Suchaufgaben mit Beobachtung des Benutzers (Eingabe, Mausbewegungen etc.) und adaptiven Reaktionen darauf (Verbesserungsvorschläge, Vorzeigen mit Maus&Eingabe + Audio-Kommentar); Zwei Varianten (ca. 10 Min. für Laien, ca. 90 Minuten für Profis)

Kontakt: Michael Sonntag

  • Translate security protocols specified in Alice&Bob notation to Scyther language

Alice&Bob notation has been widely used to describe security protocols. However, protocol verification tools such as ProVerif, Scyther, and Tamarin have their own specification language. We are therefore interested in developing a tool that allows translating an Alice&Bob specification to other languages that can then be used as input to different verification tools. The goal of this particular task is to build a tool that translates an Alice&Bob specification to Scyther specification. As Scyther does not support equational theories that are often used to model for instance Diffie-Hellman exponentiation, not all Alice&Bob specifications are convertible to Scyther's language. Nevertheless, many protocols such as Kerberos and Needham-Schroeder variants are translatable.


Kontakt: Jan Horacek