Automated State Machine Extraction from Emulated Basebands, MASTER Thesis
In a mobile network, state machines are crucial to define the interaction within different protocols. They help to
create systems that can interact with each other despite being implemented by different vendors. However, the
individual implementations can differ from the official specification, which results in potential differences
between devices that can cause security issues. In this thesis, we focus on the baseband of mobile devices, i.e., the
component that implements the mobile-specific functions in an end device such as a smartphone. You make use of
FirmWire to analyze sequences of NAS and RRC messages. To this end, you implement a tool that can track state
transitions and, eventually, derive a state machine from the emulated firmware.
Automatic Function Name Inference for Large-Scale Binaries, BACHELOR/MASTER Thesis
In security analysis and open-source driver development, source code is often unavailable, and debug symbols are
often missing. Finding good function names in such cases helps with reverse engineering those binaries, but
doing this manually can be a daunting task. While debug symbols may be absent, log functions (e.g., printf in
ELF binaries, UART printing functions for monolithic binaries, ...) can give an idea of what a function name
could be. Large Language Models (LLMs) could assist in this process as well. The thesis should aim to improve
firmware analysis for both ELF binaries (easy), and for monolithic firmware.
In this project, the student will implement a program to automatically infer function names in (large-scale)
stripped binaries, improving the efficiency of reverse engineering and firmware analysis. The program can use
log functions (such as printf in ELF binaries and UART-based logging in monolithic firmware) as hints for
function identification. Additionally, Large Language Models (LLMs) and heuristic-based techniques can be
explored to improve function name inference. The project also includes creating a ground truth dataset,
implementing the method in a reverse engineering framework as a plugin (e.g., Ghidra or Binary Ninja), and
evaluating the effectiveness of the approach. The student must also come up with good metrics for testing
effectiveness. If time permits, the work can be extended to infer variable names or analyze baseband firmware.
Passive Baseband Vendor Fingerprinting through Protocol Differences, MASTER Thesis
This research explores the feasibility of passive baseband fingerprinting techniques by analyzing the cellular network traffic of different mobile phone vendors and baseband processors. This can be done by identifying and analyzing small variations in the way baseband firmware from different vendors and hardware implements and processes cellular protocols. This research raises interesting questions about intrusion detection (based on anomalies in baseband behavior) on the one hand and privacy/tracking on the other hand.
In this project, the student will analyze passive baseband fingerprinting techniques by examining variations in cellular network traffic across different mobile device vendors and baseband processors. The focus will be on identifying differences in protocol or hardware processing characteristics in vendor-specific baseband implementations. The project involves setting up controlled experiments with selected devices, extracting relevant metadata (called features) from the traffic, and developing a methodology for a larger-scale analysis. The student will generate a dataset, train a classification model, and evaluate its accuracy in distinguishing basebands. If time permits, the project can be extended to explore intrusion detection applications or privacy risks/attacks related to baseband fingerprinting.
Quantum-Based Untraceable Communication
Survey of Adversarial Models for Traffic Analysis in Quantum Networks, BACHELOR Thesis
Quantum communication introduces new adversarial capabilities, but most existing traffic analysis models are
rooted in classical assumptions.
This thesis will survey the literature on quantum-enabled adversaries, classify their capabilities (e.g.,
passive, active, entanglement-based), and produce a taxonomy of attack models suitable for traffic analysis
research in quantum-augmented settings.
Formal Modeling of Timing Leakage in Quantum-Classical Hybrid Systems, MASTER Thesis
In hybrid communication systems, classical timing channels may be affected or limited by quantum uncertainty.
Understanding these interactions is crucial for designing leakage-resistant protocols.
The thesis involves developing a formal model of timing leakage that incorporates quantum timing imprecision,
creating visual simulations, and comparing leakage properties against classical models.
Implementation and Benchmarking of Classical Traffic Morphing Techniques, BACHELOR Thesis
Classical traffic morphing techniques remain foundational for traffic privacy. Their performance and limits need
to be understood before integrating quantum-inspired ideas.
The thesis involves implementing traffic morphing strategies (e.g., dummy traffic, timing shifts), running
benchmark experiments, and evaluating their effectiveness under known traffic analysis attacks.
Extending Mixing Protocols with Quantum-Inspired Randomness Models, MASTER Thesis
Quantum processes can produce randomness distributions that differ from classical pseudorandom generators. These
may help design harder-to-predict mixing strategies.
This thesis will extend existing mixnet-like protocols by integrating non-classical randomness models and
analyze their effects on metadata leakage and traffic flow patterns.
Frontend for Visualizing Simulated Traffic Traces, BACHELOR Thesis
Traffic simulations often generate abstract trace files that are hard to interpret. A visual frontend helps
researchers understand how protocols affect observable traffic.
The thesis includes developing a simple web-based or desktop interface for viewing packet timelines, flow
diagrams, and adversarial trace reconstructions based on simulation output files.
Integration of Adversarial Correlation Attacks into Simulation Testbed, MASTER Thesis
To evaluate metadata leakage, simulation environments must include realistic adversarial models capable of
timing and flow analysis.
The thesis will implement correlation-based traffic analysis attacks (e.g., flow linking, burst timing) as
modular components in the simulation framework, and provide evaluation scenarios comparing defenses from the
SQUID project.
Evaluation of Anonymity Metrics in Quantum-Enhanced Protocol Models, MASTER Thesis
Classical anonymity metrics may not capture the privacy implications of quantum-augmented protocols. A critical
evaluation is needed to adapt or rethink these metrics.
The thesis will apply, adapt, and evaluate existing anonymity metrics (like k-anonymity, entropy-based metrics)
on quantum-inspired protocols, identifying their strengths and weaknesses in this new context.
Information-Theoretic Bounds on Flow Correlation in Noisy Quantum Channels, MASTER Thesis
Quantum-enhanced protocols may introduce uncertainty that reduces flow correlation, but how much protection this
provides is still unknown.
The thesis will model adversarial inference in noisy quantum-like channels, derive upper bounds on remaining
correlation, and validate results via simulation or analytical estimation.
Network Infrastructure Bias
Biased Overlay Networks, BACHELOR/MASTER Thesis
An overlay network provides a service on the application layer and uses the existing infrastructure of the
Internet. One example of this is Tor, a system that provides additional security and privacy for online
connections. The level of protection that such a connection can offer, however, depends on the infrastructure of
the underlying network. For example, if the traffic is routed through countries that monitor and censor Tor,
transmissions are much more likely to be targeted by attacks. In this thesis, you analyze the bias that the
Internet infrastructure introduces for overlay networks. To this end, you use empirical information about the
Internet and match it with the infrastructure of overlay networks. After implementing a simulation model, you
analyze how the Internet influences the security and privacy of connections and how it opens up attack vectors.