Themen

• Your own topic – English only

You have the possibility until the beginning of the semester to come up with your own topic and find a supervisor who is willing to mentor more students.

• Location privacy – English only

Location-based services (LBSs) have become an essential part of our daily lives. In such services, users offer their (precise) locations to service providers in return of benefiting from the service. However, offering location data to service providers put users' privacy at huge risk. Often these locations are associated with points of interest (POIs) of the users. Therefore, service providers are able to infer users' private behavior by knowing these POIs with a relatively high degree of certainty. For this reason, the adoption and deployment of location privacy protection mechanisms (LPPMs) are essential to protect users' privacy.
In this seminar, you will investigate and discuss the existing LPPMs as well as the privacy metrics that reflect how much privacy a user gains when applying a protection mechanism.

• Network Security Breaches – English only

The goal of this seminar is the outlining of popular network security breaches (2-3 examples).  Subsequently, state-of-the-art protection or detection approaches against these presented breaches should be explained.

Leonard Bradatsch

• First Packet Authentication – English only

All three of the above stated techniques describe an authentication process that starts with the very first packet a client sends to an network entry node when entering a network or accesing a service. This kind of authentication can be performed without having the communication parties any messages exchanged before the authentication happened.
The seminar paper should describe these techqniues and should outline the different existing approaches to perform such a first packet authentication.

Leonard Bradatsch

• Accessibility in Modern Web Applications – English only

Due to "Statistisches Bundesamt" 9.52% of germany's population had a severe disability in 2019. Many of various disabilities e.g. visual impairement influence the user interaction with web applications. Although most of the impact of a disability can be compensated with accessible tools like special input devices and client-software, such tools are heavily relying on extra information from the application itself.
This seminar paper should summarize and describe current concepts, tools and frameworks for development of an accessible modern web application.

• State of the art in biological molecular dynamics simulation software – English only

Parallel molecular dynamics (MD) simulations are critical to researching the interactions of hundreds of millions of atoms
and molecules in biomolecular systems like DNA transcription, protein assembly and many more.
MD simulations are used in molecular medicine and drug research or to create visualizations of biological systems,
which further our understanding of life's secrets.
MD frameworks such as NAMD and GENESIS are highly parallelized, high-performance software packages
which can scale up to hundreds or even many thousands of CPU and GPU cores.
This seminar should give an overview of the basic operating principles of molecular dynamics simulation software,
including examples and state of the art research on the topic.

Gerhard Habiger

• CheapBFT: a resource-efficient replication approach – English only

State-machine replication is a technique to deploy mulitple server replicas at once and let them do the same on behalf of client requests. In case of faults the service is still available. Even more, the service can tolerate arbitrarily misbehaving replicas (up to a certain number) by forming a quorum of votes. This needs typically 3f+1 replicas if we want to tolerate up to f faulty replicas. CheapBFT is another approach that needs less resources and still provides fault tolerance against arbitrarily misbehaviour, so called Byzantine failures. This seminar work is supposed to characterise CheapBFT in comparison to traditional approaches against Byzantine faults by state-machine replication.

There is only a single scientific paper describing CheapBFT. However, the candidate student is requested to introduce state-machine replication by having a look at papers about fundamental aspects and related traditional approaches.

Franz J. Hauck

• BFT Consensus Protocols: An Overview – English only

Byzantine fault tolerant (BFT) consensus protocols enable a set of distributed nodes to agree on a series of values, even if a minority of the nodes is faulty or malicious.
Originally developed as a fundamental mechanism for state machine replication (SMR), they have gained a lot of attentation from blockchain researchers recently, because they provide an efficient alternative to PoW mechanisms in (permissioned) blockchains.
However, since blockchains are operated in different network environments compared to SMR systems, a new generation of consensus protocols has evolved in recent years.
The task of this seminar is to provide a gentle introduction to the underlying consensus problem and a comparison of different BFT consensus protocols.

Alexander Heß

• Attacks on Automotive Systems – English only

Over the last 12 years, a large number of security attacks on automotive systems were discovered and published.
This Seminar topic should provide an overview over these attacks, identify common structures, present particularly noteworthy examples and conclude with some lessons learned. A survey article on automotive attacks is provided as a starting point.

Frank Kargl

• Secure over-the-air updates for vehicles – English only

Modern vehicles have become complex software products that need to be maintained for several decades in order to ensure their safe operation on the road. Typically, software is updated much more frequently than a car is taken to the shop for maintainance and therefore other ways to deploy software updates need to be considered. Over-the-air updates allow quick and cheap deployment of new or updated software to a large vehicle fleet, but security aspects need to be considered very carefully for obvious reasons.
In this seminar, you will identify and compare different proposals for implementing over-the-air updates for vehicles from a security perspective.

Dominik Mauksch

• Concepts and techniques in Library Isolation – English only

Different applications are isolated in modern operating systems so that they can only exchange information via predefined interfaces, e.g. shared memory. However, libraries used in applications usually run in the application context and thus with the same privileges and address space as the main application. They therefore increase the attack surface of an application, e.g. in the case of return-oriented programming attacks.
In this seminar, you should have a look into different approaches of in-application and library isolation techniques and compare them, e.g. with respect to their performance impacts and security assumptions.

Dominik Mauksch

• Evolution of the Hypertext Transfer Protocol – English only

Since HTTP was first developed at CERN in 1989 it has seen many changes. While it still serves its original purpose, HTTP also became a ubiquitous application protocol with a variety of uses that go far beyond the transportation of hypertext documents. But not only the applications of HTTP have changed drastically in the last 32 years, the protocol stack has also evolved. Nowadays more than 90% of the HTTP traffic is encrypted using TLS and while the adoption of HTTP/2 is steadily increasing, the IETF is in the process of finalizing the HTTP/3 protocol with 71% of running web browsers already supporting it.
This seminar should explore the history and evolution of HTTP and discuss old and new challenges and issues of the protocol and how newer HTTP versions address previous issues.

• Authentication in Web Applications – English only

Modern web application development encompasses a variety of approaches to implement authentication and session handling, ranging from traditional password-based authentication and cookie-based session handling to multi-factor authentication and complex authentication protocols, such as OAuth, OpenID, and SAML. Depending on the requirements of the application some approaches are better suited than others. This seminar should explore the authentication design space and compare stateful and stateless session handling approaches.

Echo Meißner

• Differential Privacy – English only

Differential Privacy (DP) is a privacy enhancing technology (PET) which should help to increase the privacy of users submitting data. Very simply spoken, during the data gathering phase noise is added to the value of each user in such a way that the individual user cannot be distinguished of others, and in the evaluation phase, the noise is taken into consideration to calculate certain analytics over the whole dataset. This oversimplified example was only used to explain the basics of the idea behind this PET, which has more specifics and potential.
In this seminar, you will take a deeper look into differential privacy, explain it with the help of an example, and present a simple framework using DP in a current application.

Michael Wolf

• The Boring Loop - a critical analysis – English only

Elon Musk opened recently the Las Vegas Convention Center Loop which was build by his company "The Boring Company". This project was created to speed up travel time in cities between specific locations, but also show that the cost of tunnel drilling can be reduced drastically. With the Loop in Vegas now finished, theses promises can be examined critically, as well as the concept of individual transport through tunnels.
In this seminar, you will have to compare the cost and performance of the Vegas Center Loop with other tunnel projects in the USA, Germany and other countries. Additionally you have to compare this concept with other transportation methods, like subway, bus, E-Scooter, etc...

Michael Wolf

• Secure Multi-Party Computation – English only

The goal of Secure Multi-Party Computation (MPC) is to enable parties to work together without ever knowing one another's confidential information. It plays an important role in solving security and privacy issues and there are many examples of where it can be helpful.
The aim of this seminar is to investigate MPC with respect to both theoretical and practical aspects and look at uses in real world applications.

Migena Ymeraj

• Distributed Machine Learning – English only

Due to the poor scalability and efficiency of learning algorithms, Machine Learning cannot handle large-scale data. This issue gave rise to Distributed Machine Learning. Even though it is a promising line of research, it still faces a lot of challenges.
The goal of this seminar is to discover the importance of Distributed Machine Learning, while comparing it with traditional Machine Learning environments and investigating its challenges.

Migena Ymeraj

• Containerization Technologies – English only

Kubernetes, Docker Swarm, Openshift, Portainer, Apache Mesos and others are in everyones mind. They've been made to revolutionize how to separate several applications and software stacks from each other. But did you ever had a look at the underlying technologies?
In this survey the student is asked to examine, compare and summarize the main differences between many (at least five) different OS-level virtualization technologies currently existing in modern desktop and server environments. As a first task, the student needs to introduce the main ideas behind the concepts of such user space instances and its differences to other approaches like hardware-based virtualization. Maybe, also an historical overview can be given as a guide for the reader. In a second step the student has to examine the differences of the proposed technologies and summarize them according to their dis-/advantages. Finally, the student has to conclude which technology might be the best for which use cases, e.g. working in privacy-aware, secure or speed-optimized environments.

Thomas Bläsing

• Timing Attacks - An Overview – English only

Classical cryptographic research deals with adversaries of polynomially bounded computational power. However, this attack model is not always realistic. In particular, an attacker may be able to measure the time it takes to run cryptographic algorithms. As often the running time of an algorithm depends on its input, this can be used to gather various information about the inputs to the algorithm or its internal workings. In a security context, sensitive data such as encryption keys and passwords may be recoverable by measuring the run time of programs. Examples are the run time of multiplications in the RSA algorithm, the POODLE and Lucky Thirteen Attack on TLS, as well as various  forms of Cache timing attacks (PRIME+PROBE, EVICT+TIME).
In this seminar, the student should give an overview of timing attacks, thereby explaining at least one example in depth. Further, some mitigations against timing attacks  should be discussed.

Henning Kopp (Schutzwerk GmbH)

• Padding Oracles – English only

Block ciphers only work on inputs that are a multiple of the cipher’s block length in commonly used modes such as CBC. As data usually comes in arbitrary lengths, inputs to these algorithms need to be extended (padded) to a multiple of the block length. This seemingly simple problem lead to quite huge cryptographic problems. Depending on the scenario, it is even possible that an attacker is able to completely decrypt the ciphertext or encrypt data of their choosing.
Your paper and presentation should explain the details of how a padding oracle works and how it can be used for decryption and ciphertext forgery. Moreover, you should give an overview of the problems this attack scenario caused as well as how the security community tries to avoid it nowadays.

Martin Lang (BMW Car IT)

• Secure In-Car Communication – English only - Master only (RTDS)

Modern cars contain an abundance of different ECUs controlling different aspects of the car's functionality. Along with an ever rising number of sensors and actuators, more and more control of the car is handed over to digital equipment. The rising complexity of these systems also leads to an increasingly large attack surface. Assuring the integrity and authenticity of in-car communication is therefore critical for the safety of driver, passengers, and other road users.
The target of this seminar is to analyse the current state of ECU communication security of different in-car protocols and bus systems and collecting and documenting potential challenges for the design of a secure ECU platform.

Thomas Lukaseder (Escrypt)

Sorted by Topics

Automotive
- Attacks on Automotive Systems (Frank  Kargl)
- Secure over-the-air updates for vehicles (Dominik Mauksch)
- Concepts and techniques in Library Isolation  (Dominik Mauksch)
- Secure In-Car Communication (Thomas Lukaseder)
- The Boring Loop - a critical analysis (Michael Wolf)

Cryptography
- Secure Multi-Party Computation (Migena Ymeraj)
- Padding Oracles (Martin Lang BMW)
- Timing Attacks - An Overview (Henning Kopp Schutzwerk)

Distributed Systems
- State of the art in biological molecular dynamics simulation software (Gerhard Habiger)
- CheapBFT: a resource-efficient replication approach (Franz J. Hauck)
- BFT Consensus Protocols: An Overview (Alexander Heß)

Network Security
- Network Security Breaches (Leonard Bradatsch)
- First Packet Authentication (Leonard Bradatsch)

Privacy
- Location privacy (Ala'a Al-Momani)
- Differential privacy (Michael Wolf)
- Distributed Machine Learning (Migena Ymeraj)

Software Engineering
- Accessibility in Modern Web Applications (Eugen Frasch)
- Evolution of the Hypertext Transfer Protocol (Echo Meißner)
- Authentication in Web Applications (Echo Meißner)
- Containerization Technologies (Thomas Bläsing)