Master Theses

Security of e-scooters

TIER, Arolla, Wind, Lime, voi ... after only two months, e-scooters are all over Linz. The idea has caught on well, and even the StVO (traffic rules) is going to be updated to bring (legal) clarity to their use. Besides all the positive voices, there is also quite some criticism, mainly about cityscape and safety. On top of that, pushing to market in such a short time frame carries the risk that security considerations have been left behind. Therefore, we are interested in various aspects of e-scooter security and have a few topics for master theses/projects to work on.
Contact: Michael Roland

Tracking of persons through Wi-Fi sniffing

The goal of this project is to passively collect and analyze Wi-Fi (802.11) packets with regard to information that could be used to track or even identify an individual person. In particular, 802.11 management frames such as probe requests seem to broadcast usable information.
As a first step, you need to build an environment to passively collect (sniff) Wi-Fi communication and to extract the relevant data (possibly based on existing open source projects). Using that environment, you will collect and analyze data emitted from various mobile devices (particularly different smartphones, typically carried around in everyone's pockets). Finally, you should be able to evaluate whether that data could be used to track someone's movements around a building.
Contact: Michael Roland

Implementation of a modular "Personal Agent" for handling electronic identity (eID) on Android

The aim of this project is to implement a so-called "Personal Agent" in the scope of project Digidow on Android. In this implementation, the standard Android APIs e.g. for geolocation, fingerprint authentication etc. should be used to locally (on-device) authenticate and track the end-user. This information should then be used to authenticate interaction with so-called "Verifiers" (e.g. public transport, door locks, web page login, etc.) in the digital or physical worlds.
One core aspect in this project is modularization of the application into multiple components with clearly defined security boundaries. That is, the project and thesis should explore options to protect parts of the application (e.g. the cryptographic signature module) from other, potentially compromised parts (e.g. the service discovery module with a network interface). Current options to investigate include using multiple Android services within one app, multiple apps (with different UIDs in the sense of the kernel sandbox), SELinux policies, and seccomp filters. Ideally, core parts of these modules should be written in Scala with Java parts only to interface with required Android app framework components.
Another Master thesis on implementing the Personal Agent in Rust with respective modularization methods available on Linux on Unikernels is currently ongoing. The network interfaces of both implementations should be interoperable, so some coordination with the other Master thesis will be required.
Contact: Rene Mayrhofer

Injecting URLs and other data to Smart TVs via DVB-T

The Institute of Networks and Security has software defined radio hardware that should be suitable to create and inject DVB-T signals into receivers such as Smart TVs. The aim of this thesis is to reproduce and potentially extend the work shown in on how injected HbbTV URLs are automatically opened/executed on some Smart TVs to allow a remote code execution.

Security analysis of the communication protocol of a MAVIC PRO drone

This project aims to investigate the two communication channels (Wi-Fi and a custom RF) of a commercial drone and analyze the communication protocol used. Using a software defined network and state-of-the-art reverse engineering tools, your goal is to find potential security weaknesses and make suggestions on how to improve the existing protocols.
Contact: Rene Mayrhofer

Multiple topics on dynamic, behaviour-based recognition of malicious software

(in cooperation with Sophos Labs)
Contact: Rene Mayrhofer

TPM and remote attestation for cloud infrastructure providers


Reproducible builds for Java and Android apps


Smart home security: preventing privacy leaks with home routers


Vibration patterns for authenticating phones to users

Study whether randomly generated patterns can be recognized by users, including the expected training effect.

Service for rendering browser screenshots


E-learning system for websites, using RIS as an example

Example search tasks with observation of the user (input, mouse movements, etc.) and adaptive reactions to it (suggestions for improvement, demonstration with mouse & input plus audio commentary); two variants (approx. 10 min. for laypersons, approx. 90 minutes for professionals)

VM resource usage verification

Under Hyper-V, the resource consumption of a VM can be measured precisely. Can software be modified so that it regularly sends logs to third-party machines stating how much work it has performed? Can this then be compared with the Hyper-V measurements? Can one determine from this whether additional software (= malware) is running in the machine, or whether the billing is at least approximately correct? Implementation of an example on a web server (plus database, internal or separate, as well as access to external web resources). Relevant: CPU load/usage, disk usage, bandwidth; not necessarily absolute, but e.g. after a calibration phase.

Translate security protocols specified in Alice&Bob notation to Scyther language

Alice&Bob notation has been widely used to describe security protocols. However, protocol verification tools such as ProVerif, Scyther, and Tamarin each have their own specification language. We are therefore interested in developing a tool that translates an Alice&Bob specification to other languages that can then be used as input to different verification tools. The goal of this particular task is to build a tool that translates an Alice&Bob specification to a Scyther specification. As Scyther does not support equational theories, which are often used to model, for instance, Diffie-Hellman exponentiation, not all Alice&Bob specifications are convertible to Scyther's language. Nevertheless, many protocols such as Kerberos and Needham-Schroeder variants are translatable.

Browser plugin for Firefox to detect personally identifiable information

Detect personally identifiable information in filled-in forms and mark it. Classify items as yellow (potentially problematic) or red (dangerous). For red ones, warn before sending (confirmation dialogue). Also warn if the same information is entered on two different sites. This requires storing the information, so this must be done securely: it should be hashed, including a salt, plus iterations (like a password). At least the following must be recognized: person name, credit card number, IBAN/BIC, bitcoin addresses, e-mail addresses, passwords.
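
The detection and storage requirements above, as an added example (not code from the thesis project): it recognizes card numbers, IBANs, e-mail addresses and password fields, and keeps only salted, iterated hashes for the cross-site reuse warning. The red/yellow assignment, the iteration count and all names are assumptions, and Node's `crypto` module stands in for the browser's WebCrypto API.

```javascript
// Added example; names, levels and parameters are assumptions, not the project's code.
const { pbkdf2Sync, randomBytes } = require('node:crypto');
// Luhn checksum separates plausible card numbers from arbitrary digit runs.
function luhnValid(digits) {
  let sum = 0;
  for (let i = 0; i < digits.length; i++) {
    let d = Number(digits[digits.length - 1 - i]);
    if (i % 2 === 1) { d *= 2; if (d > 9) d -= 9; }
    sum += d;
  }
  return sum % 10 === 0;
}

// IBAN check (ISO 13616): rotate the first 4 chars to the end, map A-Z to 10-35, mod 97 == 1.
function ibanValid(iban) {
  if (!/^[A-Z]{2}\d{2}[A-Z0-9]{11,30}$/.test(iban)) return false;
  let rem = 0;
  for (const ch of iban.slice(4) + iban.slice(0, 4)) {
    const v = parseInt(ch, 36); // '0'-'9' -> 0-9, 'A'-'Z' -> 10-35
    rem = (v > 9 ? rem * 100 + v : rem * 10 + v) % 97;
  }
  return rem === 1;
}

// Classify one form value; which kinds count as red or yellow is an assumption here.
function classify(value, inputType) {
  const compact = value.replace(/[\s-]/g, '').toUpperCase();
  if (inputType === 'password') return { kind: 'password', level: 'red', norm: value };
  if (/^\d{13,19}$/.test(compact) && luhnValid(compact)) return { kind: 'card', level: 'red', norm: compact };
  if (ibanValid(compact)) return { kind: 'iban', level: 'red', norm: compact };
  const mail = value.trim().toLowerCase();
  if (/^[^@\s]+@[^@\s]+\.[^@\s]+$/.test(mail)) return { kind: 'email', level: 'yellow', norm: mail };
  return null;
}
// One salt per browser profile (not per record): equal values give equal digests, so reuse is detectable.
class ReuseStore {
  constructor(salt = randomBytes(16), iterations = 100000) { Object.assign(this, { salt, iterations, seen: new Map() }); }
  digest(hit) {
    return pbkdf2Sync(`${hit.kind}:${hit.norm}`, this.salt, this.iterations, 32, 'sha256').toString('hex');
  }
  record(hit, origin) { // returns the other origins where this value was already entered
    const key = this.digest(hit);
    const origins = this.seen.get(key) || new Set();
    const others = [...origins].filter((o) => o !== origin);
    this.seen.set(key, origins.add(origin));
    return others;
  }
}
```

Because the salt has to be stored next to the digests, low-entropy values such as card numbers remain guessable by anyone who obtains the store; the iteration count only raises the cost per guess.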

Extend JPLAG to support assembly language

Ideally in a generic way, so that both GNU and Intel syntax are possible (perhaps even interchangeable!), as well as different processor architectures.