Theses

On this page you will find information on the thesis topics we currently offer. Information on theses that are already in progress or completed can be found on a subpage.

Note on language: The available topics below are mainly listed in English. When working on a topic, students are free to choose either German or English as the language for their thesis.

Topics by degree

Bachelor's theses


20.
Lukaseder, Thomas
Analysis of DDoS Attack Traffic and DDoS Mitigation Tests
Bachelor's thesis, Master's thesis
Institute of Distributed Systems,
2018
in preparation

Tags: AA, BA, MA, ThomasLukaseder, itsec, networks

Abstract: DDoS attacks are becoming increasingly relevant. A recent study found that 1/3 of all IPv4 addresses worldwide have been attacked in recent years. We are working on defending against DDoS attacks of various kinds. For this, it is essential to analyze what real attacks in production networks look like, in order to test our own defense methods for suitability. This is to be investigated together with the company IsarNet from Munich. IsarNet develops the IsarFlow system for network traffic analysis based on NetFlow, which is used in many enterprise and provider networks. In this thesis, we want to use, analyze, and reproduce recordings of real attacks in order to test and improve our own system with realistic data.

19.
Erb, Benjamin and Meißner, Dominik
Blockchain Analysis with Chronograph
Bachelor's thesis, Master's thesis or individual lab project
Institute of Distributed Systems,
2018
in preparation

Tags: PROJEKT, AA, BA, MA, BenjaminErb, FrankKargl, sidgraph, distributed, DominikMeissner

Abstract: Blockchain technology allows for decentralized, distributed, and secure ledgers that store records (e.g., transactions). Popular blockchain-based systems such as Bitcoin and Ethereum have emerged as so-called cryptocurrencies. As the ledger maintains the full history of transactions, interactions within the system are always persisted. In this work, the student is asked to design and implement online and offline transaction analyses based on Chronograph, a data processing platform for evolving graphs developed at our institute. To this end, different blockchain-based systems should be surveyed and appropriate analyses conducted.

18.
Meißner, Dominik
Dependency Tracking in Distributed Retroactive Applications
Bachelor's thesis, Master's thesis or individual lab project
Institute of Distributed Systems,
2018
in preparation

Tags: PROJEKT, AA, BA, MA, FrankKargl, retroaction, distributed, DominikMeissner

Abstract: Retroactive computing enables programmatic access to the history of an application. This offers a variety of capabilities, such as computations and predictions of alternate application timelines, post-hoc bug fixes, and retroactive state explorations. Reads and writes of the application state have to be tracked and persisted in order to support retroaction. This is fairly simple for a single-writer append-only log, but entails various issues in a distributed setting. This thesis/project should explore different approaches to distributed dependency tracking, including a prototypical implementation based on an existing platform prototype and an evaluation of the resulting artifacts.

17.
Mödinger, David
Simulation of Broadcast Protocols in NS3
Project or Bachelor's thesis
Institute of Distributed Systems,
2018
in preparation

Tags: ABSCHLUSSARBEIT PROJEKT Bachelor AA BA DavidMödinger VAPS networks privacy

Abstract: To distribute transactions in blockchain networks, a broadcast mechanism is usually used. However, this offers an attack surface for various kinds of deanonymization. Since privacy in dealing with money is particularly important, we are working on a protocol to protect it. Several proposals for related protocols already exist. For comparable results, all of them should be evaluated under the same conditions. To achieve this, we want to use the same simulation environment for all of them. The goal of the thesis is the implementation of different protocols and their evaluation. The amount of literature research depends on the chosen scope and type of work.

16.
Mödinger, David
Evaluation of Threshold Cryptography for k-Anonymous Dining Cryptographer Networks
Bachelor's or Master's thesis
Institute of Distributed Systems,
2018
in preparation

Tags: ABSCHLUSSARBEIT Master Bachelor AA BA MA DavidMödinger networks privacy itsec

Abstract: Dining cryptographer networks offer a way to anonymously broadcast a message to everyone in a group. However, this construction requires a very large number of messages and therefore produces a lot of overhead. To improve the efficiency of these networks, von Ahn et al. applied the concept of k-anonymity to them: smaller groups within the overall network restrict the anonymity, but produce considerably less overhead. To strengthen the k-anonymity guarantee, cryptography offers the concept of threshold cryptography: the message can only be decrypted if enough users participate. The goal of this thesis is to investigate the implementation of this technique for k-DC networks.

15.
Hauck, Franz J.
Development of a Software Component for Unique Signatures with Intel SGX
Thesis, Project
Institute of Distributed Systems,
2018
in preparation

Tags: ABSCHLUSSARBEIT PROJEKT Bachelor BA FranzHauck VAPS

Abstract: Replicated systems are often based on agreement algorithms. In the case of arbitrary (Byzantine) faults, N = 3f+1 replicas are needed to tolerate f faults. With the help of trusted components, this can be reduced to N = 2f+1. A so-called USIG is such a component. It signs a message and, in doing so, increments a sequence number that cannot be modified from outside. The task of this thesis is to develop a concept and an implementation using Intel SGX that can be used from within a Java application. Besides the implementation, a challenge is the suitable initialization of the component.

14.
van der Heijden, Rens
Implementation of Targeted Attack on Vehicle-to-Vehicle Communication
Bachelor's thesis
Institute of Distributed Systems,
2018
in preparation

Tags: ABSCHLUSSARBEIT BACHELOR BA RensVanDerHeijden sec

Abstract: In recent years, much research has been devoted to the design and implementation of vehicle-to-vehicle communication, based on a variety of communication technologies. Current standards foresee an ad-hoc communication architecture, where vehicles interact with other vehicles without the need for infrastructure. A major concern in such a network is the integrity and correctness of the exchanged information. Although solid proposals exist to protect message integrity, the detection of incorrect messages (misbehaviour detection) is a domain where there is no agreed-upon solution. At the Institute of Distributed Systems, we are developing the Maat framework, which is designed to collect messages and apply misbehaviour detection mechanisms to determine which messages are valid. We use techniques from information fusion and trust management to establish trustworthiness of messages and vehicles. For validation of our framework, we are looking for a student interested in designing novel attacks to test the reliability of our framework. In particular, we are interested in attacks designed to be difficult to detect, either by combining multiple attack strategies or designing new ones. These attacks should be developed within the VEINS framework, a C++-based simulation library for vehicle-to-vehicle communication.

13.
Kopp, Henning
Privacy guarantees of Bloom filters in Simple Payment Verification
Bachelor's thesis
Institute of Distributed Systems, Ulm University,
May 2017
in preparation

Tags: AA, BA, HenningKopp, distributed, itsec, privacy

Abstract: Simple payment verification is a protocol which allows thin clients such as smartphones to use Bitcoin without downloading the whole blockchain. The thin client continually asks a full node for incoming transactions. Since the thin client only wants to know about its own transactions but does not want the full node to link these transactions to its identity, a Bloom filter is used. Thus, false positives are introduced and the full node does not learn the account balance of the thin client. Stealth addresses are another privacy mechanism for Bitcoin addresses. They enable a sender of a transaction to derive new ephemeral recipient keys. Currently, stealth addresses are not compatible with simple payment verification and cannot be used on thin clients. One proposal is to add a fuzzy identifier (e.g., the first few bits) of the recipient's long-term key to the transactions. One goal of the thesis is to evaluate and compare the privacy properties of current wallets for thin clients. Further, the tradeoff between privacy and efficiency in how the fuzzy identifier for stealth addresses is chosen should be evaluated and practical parameters proposed. Maybe you can even come up with your own ideas for improving the privacy of thin clients.

12.
Kleber, Stephan and Kargl, Frank
Automation of Analysis Result Quality Assessment
Bachelor's or Master's thesis, Project
Institute of Distributed Systems, Ulm University,
2017
in preparation

Tags: AA, BA, MA, PROJEKT, StephanKleber, FrankKargl, itsec, networks

Abstract: For an effective evaluation of multiple inference methods for network messages with a representative set of network protocol traces, automation is required. To accomplish this, the tasks of this thesis are three-fold:
1. Generate test-case specimens by preprocessing and filtering selected network traces. An example of a possible metric to filter for is high field-type variance.
2. Evaluate the inference of the generated traces with the tools ReverX, Netzob, PRISMA, or even with an own implementation of known methods.
3. For the automated assessment of the result quality for all evaluated inference methods, dissectors, like those of scapy or Wireshark, may be used for a quantifiable quality validation.
The scope of the evaluation is limited to message type and format, explicitly excluding the behavior model of the protocol.

11.
Kleber, Stephan and Kargl, Frank
Efficient Updating of a Network-Protocol-Model with Message-Format Refinements
Bachelor's or Master's thesis
Institute of Distributed Systems, Ulm University,
2017
in preparation

Tags: AA, BA, MA, StephanKleber, FrankKargl, itsec, networks

Abstract: Security assessments of networked systems require knowledge about the utilized communication protocol. For proprietary protocols without known specification and with only limited access to the end-points, the only source of information is the communication itself. To correctly derive message formats, message types, and finally a protocol model from the captured byte stream, the structure, message and field boundaries, data types, and semantics need to be inferred. After an initial inference procedure, it is desirable to refine the existing protocol model. Additional information gained from recorded network traffic needs to be incorporated by recognizing the appropriate parts of the model. The modeled knowledge is to be extended depending on the applicable information inferable from the new trace.

10.
Kleber, Stephan and Kargl, Frank
Test-Case-Generation Strategies for Network-Protocol-Model Refinements
Bachelor's or Master's thesis
Institute of Distributed Systems, Ulm University,
2017
in preparation

Tags: AA, BA, MA, StephanKleber, FrankKargl, itsec, networks

Abstract: Security assessments of networked systems require knowledge about the utilized communication protocol. For proprietary protocols without known specification and with only limited access to the end-points, the only source of information is the communication itself. To correctly derive message formats, message types, and finally a protocol model from the captured byte stream, the structure, message and field boundaries, data types, and semantics need to be inferred. After an initial inference procedure, it is desirable to refine the existing protocol model. Actively probing an entity for the validity of message syntaxes makes it possible to enhance the knowledge about the protocol in a targeted way. To do this efficiently, a smart method of automatically generating test cases depending on the current protocol model needs to be developed.

9.
Lukaseder, Thomas
High-Speed SDN-assisted DDoS-Mitigation
Bachelor's thesis, Master's thesis, Project
Institute of Distributed Systems,
2017
in preparation

Tags: AA, BA, MA, ThomasLukaseder, distributed, itsec, networks

Abstract: We are working on a framework to mitigate DDoS attacks in high-speed networks. The framework uses software-defined networking to mitigate attacks. There are different areas of the system still under development and therefore different open theses or master project topics. Areas currently under development: Distribution of the current infrastructure, measurements of real-life networks to improve the data basis for attack mitigation, extending the system to mitigate a wider variety of attacks, and improving scalability of the system. There are open topics in all of these areas.

8.
Lukaseder, Thomas
Performance Measurements of Security Devices in High-Speed Networks
Bachelor's thesis, Master's thesis, Project
Institute of Distributed Systems,
2017
in preparation

Tags: AA, BA, MA, Project, ThomasLukaseder, itsec, networks

Abstract: Security devices in networks such as firewalls or intrusion detection systems need to be evaluated concerning throughput, precision, and reliability before using them in production networks. We are working on different aspects of performance measurements of security devices: Performance evaluation of firewalls or IDS, building a network testing framework for evaluations. There are open topics in all of these areas.

7.
Lukaseder, Thomas
Hardware Support for Intrusion Detection Systems
Bachelor's thesis, Master's thesis, Project
Institute of Distributed Systems,
2017
in preparation

Tags: AA, BA, MA, Project, ThomasLukaseder, itsec, networks

Abstract: The ever-increasing network bandwidth causes intrusion detection mechanisms to reach the limits of their capacity. Thus, new and improved implementations for security mechanisms are urgently required. Hardware support is one way to increase the performance of IDS. One of the bottlenecks of high-speed data analysis is regular expression matching. We are currently examining two possible hardware support solutions to offload the regular expression matching to hardware modules: an FPGA-based co-processor (extending and evaluating an existing prototype) and offloading regular expression matching to GPUs. There are open topics in both areas.

6.
Erb, Benjamin and Meißner, Dominik
Pause/Shift/Resume in Chronograph
Bachelor's thesis or individual lab project
Institute of Distributed Systems,
2017
in preparation

Tags: PROJEKT, AA, BA, BenjaminErb, FrankKargl, sidgraph, distributed, DominikMeissner

Abstract: Pause/Shift/Resume is a mechanism for doing iterative graph processing on an evolving graph using snapshots. Our Chronograph graph processing platform provides very similar functionalities based on an event-sourced graph model. In this work, the student is asked to incorporate the Pause/Shift/Resume mechanism into our platform. Therefore, the mechanism has to be adapted and adjusted to event-sourced graphs. Furthermore, an evaluation should highlight the runtime behavior of the approach in different workloads.

5.
Erb, Benjamin and Meißner, Dominik
Evaluation of Key/Value Stores for Event Sourcing
Bachelor's thesis or individual lab project
Institute of Distributed Systems,
2017
in preparation

Tags: PROJEKT, AA, BA, BenjaminErb, FrankKargl, sidgraph, distributed, DominikMeissner

Abstract: Event sourcing is an alternative persistence approach that maintains a log of state-changing events instead of altering states directly. Event-sourced architectures require an event store for efficiently appending and retrieving log entries. In this project, an evaluation of different key/value stores and alternative (No)SQL stores is to be conducted in order to identify stores appropriate for event sourcing.

4.
Erb, Benjamin and Meißner, Dominik
Design and Implementation of a REPL Interface for a Distributed Graph Processing Platform
Bachelor thesis or individual lab project
Institute of Distributed Systems,
2017
in preparation

Tags: PROJEKT, AA, BA, BenjaminErb, FrankKargl, sidgraph, distributed, DominikMeissner

3.
Erb, Benjamin and Meißner, Dominik
Secondary Index Structures on Event-sourced Graphs
Bachelor's thesis or individual lab project
Institute of Distributed Systems,
2017
in preparation

Tags: PROJEKT, AA, BA, BenjaminErb, FrankKargl, sidgraph, distributed, DominikMeissner

Abstract: As part of an ongoing research project at our institute, we are currently developing a novel distributed computing platform prototype. The system provides a graph-based, asynchronous programming model and takes advantage of event sourcing for history-aware computations. The aim of this student work is the identification and evaluation of appropriate secondary index structures, in order to provide fast access to specific nodes of the graph topology. Also, a prototypical implementation is part of this work.

2.
Kleber, Stephan and Kargl, Frank
Evaluation and Enhancement of the Dynamic Network Traffic Analysis Framework "ReFuzz"
Bachelor's thesis
Institute of Distributed Systems, Ulm University,
2017
in preparation

Tags: AA, BA, PROJEKT, StephanKleber, FrankKargl, itsec, networks

Abstract: A previous project implemented the dynamic network traffic analysis framework "ReFuzz". It allows the analysis of unknown network protocols without having access to an endpoint implementation. For this framework, first, an evaluation of the efficacy and efficiency of the method shall be performed for the use case of protocol reverse engineering. To this end, suitable protocol specimens should be selected and metrics for the evaluation created from them. Measurements shall show the utility of ReFuzz for the use case of protocol reverse engineering in general.

1.
Erb, Benjamin
Data mining on distributed, asynchronous graph platforms
Bachelor's thesis
Institute of Distributed Systems,
2016
in preparation

Tags: AA, BA, BenjaminErb, FrankKargl, sidgraph, distributed

Abstract: As part of an ongoing research project at our institute, we are currently developing a novel distributed computing platform prototype. The system provides a graph-based, asynchronous programming model and takes advantage of event sourcing for history-aware computations. The aim of this student work is to compile a survey of data mining mechanisms that can be executed on graphs. Specifically, asynchronicity has to be considered here. As a result, our current prototype should be evaluated on how well it suits existing graph mining approaches.

Master's theses


16.
Lukaseder, Thomas
Analysis of DDoS Attack Traffic and DDoS Mitigation Tests
Bachelor's thesis, Master's thesis
Institute of Distributed Systems,
2018
in preparation

Tags: AA, BA, MA, ThomasLukaseder, itsec, networks

Abstract: DDoS attacks are becoming increasingly relevant. A recent study found that 1/3 of all IPv4 addresses worldwide have been attacked in recent years. We are working on defending against DDoS attacks of various kinds. For this, it is essential to analyze what real attacks in production networks look like, in order to test our own defense methods for suitability. This is to be investigated together with the company IsarNet from Munich. IsarNet develops the IsarFlow system for network traffic analysis based on NetFlow, which is used in many enterprise and provider networks. In this thesis, we want to use, analyze, and reproduce recordings of real attacks in order to test and improve our own system with realistic data.

15.
Erb, Benjamin and Meißner, Dominik
Blockchain Analysis with Chronograph
Bachelor's thesis, Master's thesis or individual lab project
Institute of Distributed Systems,
2018
in preparation

Tags: PROJEKT, AA, BA, MA, BenjaminErb, FrankKargl, sidgraph, distributed, DominikMeissner

Abstract: Blockchain technology allows for decentralized, distributed, and secure ledgers that store records (e.g., transactions). Popular blockchain-based systems such as Bitcoin and Ethereum have emerged as so-called cryptocurrencies. As the ledger maintains the full history of transactions, interactions within the system are always persisted. In this work, the student is asked to design and implement online and offline transaction analyses based on Chronograph, a data processing platform for evolving graphs developed at our institute. To this end, different blockchain-based systems should be surveyed and appropriate analyses conducted.

14.
Meißner, Dominik
Dependency Tracking in Distributed Retroactive Applications
Bachelor's thesis, Master's thesis or individual lab project
Institute of Distributed Systems,
2018
in preparation

Tags: PROJEKT, AA, BA, MA, FrankKargl, retroaction, distributed, DominikMeissner

Abstract: Retroactive computing enables programmatic access to the history of an application. This offers a variety of capabilities, such as computations and predictions of alternate application timelines, post-hoc bug fixes, and retroactive state explorations. Reads and writes of the application state have to be tracked and persisted in order to support retroaction. This is fairly simple for a single-writer append-only log, but entails various issues in a distributed setting. This thesis/project should explore different approaches to distributed dependency tracking, including a prototypical implementation based on an existing platform prototype and an evaluation of the resulting artifacts.

13.
Mödinger, David
Simulation of Broadcast Protocols in NS3
Project or Bachelor's thesis
Institute of Distributed Systems,
2018
in preparation

Tags: ABSCHLUSSARBEIT PROJEKT Bachelor AA BA DavidMödinger VAPS networks privacy

Abstract: To distribute transactions in blockchain networks, a broadcast mechanism is usually used. However, this offers an attack surface for various kinds of deanonymization. Since privacy in dealing with money is particularly important, we are working on a protocol to protect it. Several proposals for related protocols already exist. For comparable results, all of them should be evaluated under the same conditions. To achieve this, we want to use the same simulation environment for all of them. The goal of the thesis is the implementation of different protocols and their evaluation. The amount of literature research depends on the chosen scope and type of work.

12.
Mödinger, David
Evaluation of Threshold Cryptography for k-Anonymous Dining Cryptographer Networks
Bachelor's or Master's thesis
Institute of Distributed Systems,
2018
in preparation

Tags: ABSCHLUSSARBEIT Master Bachelor AA BA MA DavidMödinger networks privacy itsec

Abstract: Dining cryptographer networks offer a way to anonymously broadcast a message to everyone in a group. However, this construction requires a very large number of messages and therefore produces a lot of overhead. To improve the efficiency of these networks, von Ahn et al. applied the concept of k-anonymity to them: smaller groups within the overall network restrict the anonymity, but produce considerably less overhead. To strengthen the k-anonymity guarantee, cryptography offers the concept of threshold cryptography: the message can only be decrypted if enough users participate. The goal of this thesis is to investigate the implementation of this technique for k-DC networks.

11.
Mehdi, Muntazir
Controlled Neurofeedback using Mobile EEG and Smartphone
Master's thesis
Institute of Distributed Systems,
2018
in preparation

Tags: ABSCHLUSSARBEIT, THESIS, Master, AA, MA, MuntazirMehdi, mobile, misc

Abstract: Neurofeedback provides the necessary means to visualize selected and controlled parameters of brain activity. In the healthcare domain, neurofeedback studies enable mitigation of many psychological disorders and illnesses, mainly through therapies that help patients to better self-regulate their brain activity. Electroencephalography (EEG) is the method of monitoring the electrical activity of the brain, thus providing the necessary feedback. In this thesis work, the student is required to survey the current state of frameworks, techniques, or methods that enable coupling of mobile EEGs with smartphones. Bluetooth 2.1 with Enhanced Data Rate (EDR) capability is one of the most effective means of coupling EEGs with smartphones. The student would therefore be required to work on the Bluetooth stack to acquire real-time data generated by the mobile EEGs, parse the electrical signal, and visualize the signal semantically. For successful completion of the thesis, the student would be required to identify and address any one of the open challenges faced by the proposed topic. An example of this can be addressing the bandwidth challenges, battery consumption, or signal accuracy.

10.
Kleber, Stephan and Kargl, Frank
Automation of Analysis Result Quality Assessment
Bachelor's or Master's thesis, Project
Institute of Distributed Systems, Ulm University,
2017
in preparation

Tags: AA, BA, MA, PROJEKT, StephanKleber, FrankKargl, itsec, networks

Abstract: For an effective evaluation of multiple inference methods for network messages with a representative set of network protocol traces, automation is required. To accomplish this, the tasks of this thesis are three-fold:
1. Generate test-case specimens by preprocessing and filtering selected network traces. An example of a possible metric to filter for is high field-type variance.
2. Evaluate the inference of the generated traces with the tools ReverX, Netzob, PRISMA, or even with an own implementation of known methods.
3. For the automated assessment of the result quality for all evaluated inference methods, dissectors, like those of scapy or Wireshark, may be used for a quantifiable quality validation.
The scope of the evaluation is limited to message type and format, explicitly excluding the behavior model of the protocol.

9.
Kleber, Stephan and Kargl, Frank
Efficient Updating of a Network-Protocol-Model with Message-Format Refinements
Bachelor's or Master's thesis
Institute of Distributed Systems, Ulm University,
2017
in preparation

Tags: AA, BA, MA, StephanKleber, FrankKargl, itsec, networks

Abstract: Security assessments of networked systems require knowledge about the utilized communication protocol. For proprietary protocols without known specification and with only limited access to the end-points, the only source of information is the communication itself. To correctly derive message formats, message types, and finally a protocol model from the captured byte stream, the structure, message and field boundaries, data types, and semantics need to be inferred. After an initial inference procedure, it is desirable to refine the existing protocol model. Additional information gained from recorded network traffic needs to be incorporated by recognizing the appropriate parts of the model. The modeled knowledge is to be extended depending on the applicable information inferable from the new trace.

8.
Kleber, Stephan and Kargl, Frank
Test-Case-Generation Strategies for Network-Protocol-Model Refinements
Bachelor's or Master's thesis
Institute of Distributed Systems, Ulm University,
2017
in preparation

Tags: AA, BA, MA, StephanKleber, FrankKargl, itsec, networks

Abstract: Security assessments of networked systems require knowledge about the utilized communication protocol. For proprietary protocols without known specification and with only limited access to the end-points, the only source of information is the communication itself. To correctly derive message formats, message types, and finally a protocol model from the captured byte stream, the structure, message and field boundaries, data types, and semantics need to be inferred. After an initial inference procedure, it is desirable to refine the existing protocol model. Actively probing an entity for the validity of message syntaxes makes it possible to enhance the knowledge about the protocol in a targeted way. To do this efficiently, a smart method of automatically generating test cases depending on the current protocol model needs to be developed.

7.
Lukaseder, Thomas
High-Speed SDN-assisted DDoS-Mitigation
Bachelor's thesis, Master's thesis, Project
Institute of Distributed Systems,
2017
in preparation

Tags: AA, BA, MA, ThomasLukaseder, distributed, itsec, networks

Abstract: We are working on a framework to mitigate DDoS attacks in high-speed networks. The framework uses software-defined networking to mitigate attacks. There are different areas of the system still under development and therefore different open theses or master project topics. Areas currently under development: Distribution of the current infrastructure, measurements of real-life networks to improve the data basis for attack mitigation, extending the system to mitigate a wider variety of attacks, and improving scalability of the system. There are open topics in all of these areas.

6.
Lukaseder, Thomas
Performance Measurements of Security Devices in High-Speed Networks
Bachelor's thesis, Master's thesis, Project
Institute of Distributed Systems,
2017
in preparation

Tags: AA, BA, MA, Project, ThomasLukaseder, itsec, networks

Abstract: Security devices in networks such as firewalls or intrusion detection systems need to be evaluated concerning throughput, precision, and reliability before using them in production networks. We are working on different aspects of performance measurements of security devices: Performance evaluation of firewalls or IDS, building a network testing framework for evaluations. There are open topics in all of these areas.

5.
Lukaseder, Thomas
Hardware Support for Intrusion Detection Systems
Bachelor's thesis, Master's thesis, Project
Institute of Distributed Systems,
2017
in preparation

Tags: AA, BA, MA, Project, ThomasLukaseder, itsec, networks

Abstract: The ever-increasing network bandwidth causes intrusion detection mechanisms to reach the limits of their capacity. Thus, new and improved implementations for security mechanisms are urgently required. Hardware support is one way to increase the performance of IDS. One of the bottlenecks of high-speed data analysis is regular expression matching. We are currently examining two possible hardware support solutions to offload the regular expression matching to hardware modules: an FPGA-based co-processor (extending and evaluating an existing prototype) and offloading regular expression matching to GPUs. There are open topics in both areas.

4.
Engelmann, Felix
Blockchain Explorer
Project
Institute of Distributed Systems, Ulm University,
2017
in preparation

Tags: PROJEKT, FelixEngelmann

Abstract: In this project, a web application is to be created that visualizes data from a blockchain and enriches it with additional information. For well-known blockchains such as Bitcoin and Ethereum, portals such as etherscan.io exist that display detailed information about the respective blockchain. For use in industry, however, these public blockchains are not reliable enough. The SAMPL project therefore maintains its own blockchain, which builds on Ethereum and is specifically geared towards license management. An explorer is now to be developed for it that offers the same convenience as the existing platforms. The raw data can be obtained via a REST API, but should then be processed for use and stored in a searchable database. The UI should be provided by a modern website. Test projects exist with node.js and angular, but the technology used does not matter as long as the software can be used reliably in production.

3.
Kopp, Henning
Hashing into elliptic curves
Institute of Distributed Systems, Ulm University,
2016
in preparation

Tags: AA, MA, HenningKopp, FrankKargl, itsec

Abstract: Cryptographic hash functions are functions which compress an arbitrarily large (finite) input into a fixed finite set. They can serve as a fingerprint of a file, since it is computationally difficult to find two inputs which yield the same hash value. Recently, numerous cryptographic constructions have appeared which require a hash function that maps into an elliptic curve. This is a fairly recent development and has not yet been thoroughly researched. There are some candidate constructions, but without performance measurements. The goal of the thesis is to compare the security properties of the schemes and to measure their performance. Maybe you can even come up with your own scheme for hashing into elliptic curves, which you will get time to investigate.

2.
Erb, Benjamin and Meißner, Dominik
Interactive exploration of event-sourced graphs
Master's thesis, Diploma thesis, or Project (8 or 16 ECTS)
Institute of Distributed Systems,
2016
in preparation

Tags: AA, MA, DA, PROJEKT, BenjaminErb, FrankKargl, sidgraph, distributed, DominikMeissner

Abstract: The chronograph platform is a system for computing on evolving graphs. One module of the platform should provide an interactive user interface for exploring the history, evolution, and topology of the graph. The goal of this project is the design and implementation of a scalable, web-based user interface for the exploration of chronograph data.

1.
Kargl, Frank
Privacy Management using Differential Privacy in ITS
Master's or Diploma thesis
Institute of Distributed Systems, Ulm University,
April 2013
in preparation

Tags: MA, DA, AA, FrankKargl, privacy, mobile

Abstract: Joint project between University of Ulm, Germany and NICTA Sydney, Australia. Differential Privacy is a rather new concept that enables practically feasible privacy controls and formal guarantees to be implemented. In a recent publication, we have started to look at how Differential Privacy can be used in the context of Intelligent Transportation Systems and Car-to-X communication and have identified a couple of open challenges. We have outlined how differential privacy can be integrated into the PRECIOSA Privacy-enforcing Runtime Architecture and identified a number of future research questions, one being how to manage the resulting trade-off between data accuracy, privacy, and availability of data. The master's thesis requires familiarization with the fields of Differential Privacy, Intelligent Transportation Systems, and the PRECIOSA project results based on available literature and material, followed by conceptual work that should extend our existing proposal. A proof-of-concept implementation should then allow some practical analysis of the feasibility and achievable data accuracy based on Floating Car Data captured in real experiments. There is the option to work on the thesis during an internship at NICTA in Sydney, Australia. Because of the need to apply for travel funding, this would require longer-term planning before starting the work.

Topics by Focus Area

Networks


10.
Lukaseder, Thomas
Analysis of DDoS Attack Traffic and DDoS Mitigation Tests
Bachelor's thesis, Master's thesis
Institute of Distributed Systems,
2018
in preparation

Tags: AA, BA, MA, ThomasLukaseder, itsec, networks

Abstract: DDoS attacks are becoming increasingly relevant. A recent study found that 1/3 of all IPv4 addresses worldwide have been attacked in recent years. We are working on defending against DDoS attacks of all kinds. For this, it is essential to analyze what real attacks in production networks look like in order to assess how well our own mitigation methods work. This is to be investigated together with the company IsarNet from Munich. IsarNet develops the IsarFlow system for network traffic analysis based on NetFlow, which is used in many enterprise and provider networks. In this thesis, we want to use, analyze, and reproduce recordings of real attacks in order to test and improve our own system with realistic data.

9.
Mödinger, David
Simulation of Broadcast Protocols in NS3
Project or Bachelor's thesis
Institute of Distributed Systems,
2018
in preparation

Tags: ABSCHLUSSARBEIT PROJEKT Bachelor AA BA DavidMödinger VAPS networks privacy

Abstract: A broadcast mechanism is typically used to distribute transactions in blockchain networks. However, this offers an attack surface for various kinds of deanonymization. Since privacy is particularly important when dealing with money, we are working on a protocol to protect it. Several proposals for related protocols already exist. For comparable results, all of them should be evaluated under the same conditions. To achieve this, we want to use the same simulation environment for all of them. The goal of this thesis is the implementation of various protocols and their evaluation. The amount of literature research depends on the chosen scope and type of work.

8.
Mödinger, David
Evaluation of Threshold Cryptography for k-Anonymous Dining Cryptographer Networks
Bachelor's or Master's thesis
Institute of Distributed Systems,
2018
in preparation

Tags: ABSCHLUSSARBEIT Master Bachelor AA BA MA DavidMödinger networks privacy itsec

Abstract: Dining cryptographer networks offer a way to anonymously distribute a message to everyone in a group. However, this construction requires a very large number of messages and therefore produces a lot of overhead. To improve the efficiency of these networks, von Ahn et al. applied the concept of k-anonymity to them: smaller groups within the overall network limit the anonymity but produce significantly less overhead. To strengthen the k-anonymity guarantee, cryptography offers the concept of threshold cryptography: the message can only be decrypted if a sufficient number of users participate. The goal of this thesis is to investigate the implementation of this technique for k-DC networks.

7.
Kleber, Stephan and Kargl, Frank
Automation of Analysis Result Quality Assessment
Bachelor's or Master's thesis, Project
Institute of Distributed Systems, Ulm University,
2017
in preparation

Tags: AA, BA, MA, PROJEKT, StephanKleber, FrankKargl, itsec, networks

Abstract: For an effective evaluation of multiple inference methods for network messages with a representative set of network protocol traces, automation is required. To accomplish this, the tasks of this thesis are three-fold: 1. Generate test-case specimens by preprocessing and filtering selected network traces. An example of a possible metric to filter for is high field-type variance. 2. Evaluate the inference of the generated traces with the tools ReverX, Netzob, PRISMA, or even with your own implementation of known methods. 3. For the automated assessment of the result quality for all evaluated inference methods, dissectors like those of scapy or Wireshark may be used for a quantifiable quality validation. The scope of the evaluation is limited to message type and format, explicitly excluding the behavior model of the protocol.

6.
Kleber, Stephan and Kargl, Frank
Efficient Updating of a Network-Protocol-Model with Message-Format Refinements
Bachelor's or Master's thesis
Institute of Distributed Systems, Ulm University,
2017
in preparation

Tags: AA, BA, MA, StephanKleber, FrankKargl, itsec, networks

Abstract: Security assessments of networked systems require knowledge about the utilized communication protocol. For proprietary protocols without known specification and with only limited access to the end-points, the only source of information is the communication itself. To correctly derive message formats, message types, and finally a protocol model from the captured byte stream, the structure, message and field boundaries, data types, and semantics need to be inferred. After an initial inference procedure, it is desirable to refine the existing protocol model. Additional information gained from recorded network traffic needs to be incorporated by recognizing the appropriate parts of the model. The modeled knowledge is to be extended depending on the applicable information inferable from the new trace.

5.
Kleber, Stephan and Kargl, Frank
Test-Case-Generation Strategies for Network-Protocol-Model Refinements
Bachelor's or Master's thesis
Institute of Distributed Systems, Ulm University,
2017
in preparation

Tags: AA, BA, MA, StephanKleber, FrankKargl, itsec, networks

Abstract: Security assessments of networked systems require knowledge about the utilized communication protocol. For proprietary protocols without known specification and with only limited access to the end-points, the only source of information is the communication itself. To correctly derive message formats, message types, and finally a protocol model from the captured byte stream, the structure, message and field boundaries, data types, and semantics need to be inferred. After an initial inference procedure, it is desirable to refine the existing protocol model. Actively probing an entity for the validity of message syntaxes allows targeted enhancement of the knowledge about the protocol. To do this efficiently, a smart method of automatically generating test cases depending on the current protocol model needs to be developed.

4.
Lukaseder, Thomas
High-Speed SDN-assisted DDoS-Mitigation
Bachelor's thesis, Master's thesis, Project
Institute of Distributed Systems,
2017
in preparation

Tags: AA, BA, MA, ThomasLukaseder, distributed, itsec, networks

Abstract: We are working on a framework to mitigate DDoS attacks in high-speed networks. The framework uses software-defined networking to mitigate attacks. There are different areas of the system still under development and therefore different open theses or master project topics. Areas currently under development: Distribution of the current infrastructure, measurements of real-life networks to improve the data basis for attack mitigation, extending the system to mitigate a wider variety of attacks, and improving scalability of the system. There are open topics in all of these areas.

3.
Lukaseder, Thomas
Performance Measurements of Security Devices in High-Speed Networks
Bachelor's thesis, Master's thesis, Project
Institute of Distributed Systems,
2017
in preparation

Tags: AA, BA, MA, Project, ThomasLukaseder, itsec, networks

Abstract: Security devices in networks such as firewalls or intrusion detection systems need to be evaluated concerning throughput, precision, and reliability before using them in production networks. We are working on different aspects of performance measurements of security devices: Performance evaluation of firewalls or IDS, building a network testing framework for evaluations. There are open topics in all of these areas.

2.
Lukaseder, Thomas
Hardware Support for Intrusion Detection Systems
Bachelor's thesis, Master's thesis, Project
Institute of Distributed Systems,
2017
in preparation

Tags: AA, BA, MA, Project, ThomasLukaseder, itsec, networks

Abstract: The ever-increasing network bandwidth causes intrusion detection mechanisms to reach the limits of their capacity. Thus, new and improved implementations for security mechanisms are urgently required. Hardware support is one way to increase the performance of IDS. One of the bottlenecks of high-speed data analysis is regular expression matching. We currently examine two possible hardware support solutions to offload the regular expression matching to hardware modules: an FPGA-based co-processor (extending and evaluating an existing prototype) and offloading regular expression matching to GPUs. There are open topics in both areas.

1.
Kleber, Stephan and Kargl, Frank
Evaluation and Enhancement of the Dynamic Network Traffic Analysis Framework "ReFuzz"
Bachelor's thesis
Institute of Distributed Systems, Ulm University,
2017
in preparation

Tags: AA, BA, PROJEKT, StephanKleber, FrankKargl, itsec, networks

Abstract: A previous project implemented the dynamic network traffic analysis framework "ReFuzz". It allows analyzing unknown network protocols without having access to an endpoint implementation. For this framework, an evaluation of the efficacy and efficiency of the method shall first be performed for the use case of protocol reverse engineering. To this end, suitable protocol specimens should be selected and metrics for the evaluation created from them. Measurements shall show the utility of ReFuzz for the use case of protocol reverse engineering in general.

Mobile Systems


2.
Mehdi, Muntazir
Controlled Neurofeedback using Mobile EEG and Smartphone
Master's thesis
Institute of Distributed Systems,
2018
in preparation

Tags: ABSCHLUSSARBEIT, THESIS, Master, AA, MA, MuntazirMehdi, mobile, misc

Abstract: Neurofeedback provides the necessary means to visualize selected and controlled parameters of the brain activity. In the healthcare domain, neurofeedback studies enable mitigation of many psychological disorders and illnesses, mainly through therapies that help patients to better self-regulate their brain activity. Electroencephalography (EEG) is the method of monitoring the electrical activity of the brain, thus providing the necessary feedback. In this thesis, the student is required to survey the current state of frameworks, techniques, or methods that enable coupling of mobile EEGs with smartphones. Bluetooth 2.1 with Enhanced Data Rate (EDR) capability is one of the most effective means of coupling EEGs with smartphones. The student would therefore be required to work on the Bluetooth stack to acquire real-time data generated by the mobile EEGs, parse the electrical signal, and visualize the signal semantically. For successful completion of the thesis, the student would be required to identify and address any one of the open challenges faced by the proposed topic. Examples include bandwidth challenges, battery consumption, or signal accuracy.

1.
Kargl, Frank
Privacy Management using Differential Privacy in ITS
Master's or Diploma thesis
Institute of Distributed Systems, Ulm University,
April 2013
in preparation

Tags: MA, DA, AA, FrankKargl, privacy, mobile

Abstract: Joint project between University of Ulm, Germany and NICTA Sydney, Australia. Differential Privacy is a rather new concept that enables practically feasible privacy controls and formal guarantees to be implemented. In a recent publication, we have started to look at how Differential Privacy can be used in the context of Intelligent Transportation Systems and Car-to-X communication and have identified a couple of open challenges. We have outlined how differential privacy can be integrated into the PRECIOSA Privacy-enforcing Runtime Architecture and identified a number of future research questions, one being how to manage the resulting trade-off between data accuracy, privacy, and availability of data. The master's thesis requires familiarization with the fields of Differential Privacy, Intelligent Transportation Systems, and the PRECIOSA project results based on available literature and material, followed by conceptual work that should extend our existing proposal. A proof-of-concept implementation should then allow some practical analysis of the feasibility and achievable data accuracy based on Floating Car Data captured in real experiments. There is the option to work on the thesis during an internship at NICTA in Sydney, Australia. Because of the need to apply for travel funding, this would require longer-term planning before starting the work.

Distributed Computing


10.
Erb, Benjamin and Meißner, Dominik
Blockchain Analysis with Chronograph
Bachelor's thesis, Master's thesis or individual lab project
Institute of Distributed Systems,
2018
in preparation

Tags: PROJEKT, AA, BA, MA, BenjaminErb, FrankKargl, sidgraph, distributed, DominikMeissner

Abstract: Blockchain technology allows for decentralized, distributed, and secure ledgers that store records (e.g., transactions). Popular blockchain-based systems such as Bitcoin and Ethereum have emerged as so-called crypto-currencies. As the ledger maintains the full history of transactions, interactions within the system are always persisted. In this work, the student is asked to design and implement online and offline transaction analyses based on Chronograph, a data processing platform for evolving graphs developed at our Institute. To this end, different blockchain-based systems should be surveyed and appropriate analyses conducted.

9.
Meißner, Dominik
Dependency Tracking in Distributed Retroactive Applications
Bachelor's thesis, Master's thesis or individual lab project
Institute of Distributed Systems,
2018
in preparation

Tags: PROJEKT, AA, BA, MA, FrankKargl, retroaction, distributed, DominikMeissner

Abstract: Retroactive computing enables programmatic access to the history of an application. This offers a variety of capabilities, such as computations and predictions of alternate application timelines, post-hoc bug fixes, and retroactive state explorations. Reads and writes of the application state have to be tracked and persisted in order to support retroaction. This is fairly simple for a single-writer append-only log, but entails various issues in a distributed setting. This thesis/project should explore different approaches for distributed dependency tracking, including a prototypical implementation based on an existing platform prototype and an evaluation of the resulting artifacts.

8.
Kopp, Henning
Privacy guarantees of Bloom filters in Simple Payment Verification
Bachelor's thesis
Institute of Distributed Systems, Ulm University,
May 2017
in preparation

Tags: AA, BA, HenningKopp, distributed, itsec, privacy

Abstract: Simple payment verification is a protocol which allows thin clients such as smartphones to use Bitcoin without downloading the whole blockchain. The thin client continually asks a full node for incoming transactions. Since the thin client only wants to know its own transactions but does not want the full node to link those transactions to its identity, a Bloom filter is used. Thus, false positives are introduced and the full node does not learn the account balance of the thin client. Stealth addresses are another privacy mechanism for Bitcoin addresses. They enable a sender of a transaction to derive new ephemeral recipient keys. Currently, stealth addresses are not compatible with simple payment verification and cannot be used on thin clients. One proposal is to add a fuzzy identifier (e.g., the first few bits) of the recipient long-term key to the transactions. One goal of the thesis is to evaluate and compare the privacy properties of current wallets for thin clients. Further, the tradeoff between privacy and efficiency in how the fuzzy identifier for stealth addresses is chosen should be evaluated and practical parameters proposed. Maybe you can even come up with your own ideas for improving the privacy of thin clients.

7.
Lukaseder, Thomas
High-Speed SDN-assisted DDoS-Mitigation
Bachelor's thesis, Master's thesis, Project
Institute of Distributed Systems,
2017
in preparation

Tags: AA, BA, MA, ThomasLukaseder, distributed, itsec, networks

Abstract: We are working on a framework to mitigate DDoS attacks in high-speed networks. The framework uses software-defined networking to mitigate attacks. There are different areas of the system still under development and therefore different open theses or master project topics. Areas currently under development: Distribution of the current infrastructure, measurements of real-life networks to improve the data basis for attack mitigation, extending the system to mitigate a wider variety of attacks, and improving scalability of the system. There are open topics in all of these areas.

6.
Erb, Benjamin and Meißner, Dominik
Pause/Shift/Resume in Chronograph
Bachelor's thesis or individual lab project
Institute of Distributed Systems,
2017
in preparation

Tags: PROJEKT, AA, BA, BenjaminErb, FrankKargl, sidgraph, distributed, DominikMeissner

Abstract: Pause/Shift/Resume is a mechanism for doing iterative graph processing on an evolving graph using snapshots. Our Chronograph graph processing platform provides very similar functionality based on an event-sourced graph model. In this work, the student is asked to incorporate the Pause/Shift/Resume mechanism into our platform. To this end, the mechanism has to be adapted and adjusted to event-sourced graphs. Furthermore, an evaluation should highlight the runtime behavior of the approach under different workloads.

5.
Erb, Benjamin and Meißner, Dominik
Evaluation of Key/Value Stores for Event Sourcing
Bachelor's thesis or individual lab project
Institute of Distributed Systems,
2017
in preparation

Tags: PROJEKT, AA, BA, BenjaminErb, FrankKargl, sidgraph, distributed, DominikMeissner

Abstract: Event sourcing is an alternative persistence approach that maintains a log of state-changing events instead of altering states directly. Event-sourced architectures require an event store for efficiently appending and retrieving log entries. In this project, an evaluation of different key/value stores and alternative (No)SQL stores is to be conducted in order to identify stores appropriate for event sourcing.

4.
Erb, Benjamin and Meißner, Dominik
Design and Implementation of a REPL Interface for a Distributed Graph Processing Platform
Bachelor's thesis or individual lab project
Institute of Distributed Systems,
2017
in preparation

Tags: PROJEKT, AA, BA, BenjaminErb, FrankKargl, sidgraph, distributed, DominikMeissner

3.
Erb, Benjamin and Meißner, Dominik
Secondary Index Structures on Event-sourced Graphs
Bachelor's thesis or individual lab project
Institute of Distributed Systems,
2017
in preparation

Tags: PROJEKT, AA, BA, BenjaminErb, FrankKargl, sidgraph, distributed, DominikMeissner

Abstract: As part of an ongoing research project at our institute, we are currently developing a novel distributed computing platform prototype. The system provides a graph-based, asynchronous programming model and takes advantage of event sourcing for history-aware computations. The aim of this student work is the identification and evaluation of appropriate secondary index structures in order to provide fast access to specific nodes of the graph topology. A prototypical implementation is also part of this work.

2.
Erb, Benjamin and Meißner, Dominik
Interactive exploration of event-sourced graphs
Master's thesis, Diploma thesis, or Project (8 or 16 ECTS)
Institute of Distributed Systems,
2016
in preparation

Tags: AA, MA, DA, PROJEKT, BenjaminErb, FrankKargl, sidgraph, distributed, DominikMeissner

Abstract: The chronograph platform is a system for computing on evolving graphs. One module of the platform should provide an interactive user interface for exploring the history, evolution, and topology of the graph. The goal of this project is the design and implementation of a scalable, web-based user interface for the exploration of chronograph data.

1.
Erb, Benjamin
Data mining on distributed, asynchronous graph platforms
Bachelor's thesis
Institute of Distributed Systems,
2016
in preparation

Tags: AA, BA, BenjaminErb, FrankKargl, sidgraph, distributed

Abstract: As part of an ongoing research project at our institute, we are currently developing a novel distributed computing platform prototype. The system provides a graph-based, asynchronous programming model and takes advantage of event sourcing for history-aware computations. The aim of this student work is to compile a survey of data mining mechanisms that can be executed on graphs. Specifically, asynchronicity has to be considered here. As a result, our current prototype should be evaluated on how well it suits existing graph mining approaches.

Privacy


4.
Mödinger, David
Simulation of Broadcast Protocols in NS3
Project or Bachelor's thesis
Institute of Distributed Systems,
2018
in preparation

Tags: ABSCHLUSSARBEIT PROJEKT Bachelor AA BA DavidMödinger VAPS networks privacy

Abstract: A broadcast mechanism is typically used to distribute transactions in blockchain networks. However, this offers an attack surface for various kinds of deanonymization. Since privacy is particularly important when dealing with money, we are working on a protocol to protect it. Several proposals for related protocols already exist. For comparable results, all of them should be evaluated under the same conditions. To achieve this, we want to use the same simulation environment for all of them. The goal of this thesis is the implementation of various protocols and their evaluation. The amount of literature research depends on the chosen scope and type of work.

3.
Mödinger, David
Evaluation of Threshold Cryptography for k-Anonymous Dining Cryptographer Networks
Bachelor's or Master's thesis
Institute of Distributed Systems,
2018
in preparation

Tags: ABSCHLUSSARBEIT Master Bachelor AA BA MA DavidMödinger networks privacy itsec

Abstract: Dining cryptographer networks offer a way to anonymously distribute a message to everyone in a group. However, this construction requires a very large number of messages and therefore produces a lot of overhead. To improve the efficiency of these networks, von Ahn et al. applied the concept of k-anonymity to them: smaller groups within the overall network limit the anonymity but produce significantly less overhead. To strengthen the k-anonymity guarantee, cryptography offers the concept of threshold cryptography: the message can only be decrypted if a sufficient number of users participate. The goal of this thesis is to investigate the implementation of this technique for k-DC networks.

2.
Kopp, Henning
Privacy guarantees of Bloom filters in Simple Payment Verification
Bachelor's thesis
Institute of Distributed Systems, Ulm University,
May 2017
in preparation

Tags: AA, BA, HenningKopp, distributed, itsec, privacy

Abstract: Simple payment verification is a protocol which allows thin clients such as smartphones to use Bitcoin without downloading the whole blockchain. The thin client continually asks a full node for incoming transactions. Since the thin client only wants to know its own transactions but does not want the full node to link those transactions to its identity, a Bloom filter is used. Thus, false positives are introduced and the full node does not learn the account balance of the thin client. Stealth addresses are another privacy mechanism for Bitcoin addresses. They enable a sender of a transaction to derive new ephemeral recipient keys. Currently, stealth addresses are not compatible with simple payment verification and cannot be used on thin clients. One proposal is to add a fuzzy identifier (e.g., the first few bits) of the recipient long-term key to the transactions. One goal of the thesis is to evaluate and compare the privacy properties of current wallets for thin clients. Further, the tradeoff between privacy and efficiency in how the fuzzy identifier for stealth addresses is chosen should be evaluated and practical parameters proposed. Maybe you can even come up with your own ideas for improving the privacy of thin clients.

1.
Kargl, Frank
Privacy Management using Differential Privacy in ITS
Master's or Diploma thesis
Institute of Distributed Systems, Ulm University,
April 2013
in preparation

Tags: MA, DA, AA, FrankKargl, privacy, mobile

Abstract: Joint project between University of Ulm, Germany and NICTA Sydney, Australia. Differential Privacy is a rather new concept that enables practically feasible privacy controls and formal guarantees to be implemented. In a recent publication, we have started to look at how Differential Privacy can be used in the context of Intelligent Transportation Systems and Car-to-X communication and have identified a couple of open challenges. We have outlined how differential privacy can be integrated into the PRECIOSA Privacy-enforcing Runtime Architecture and identified a number of future research questions, one being how to manage the resulting trade-off between data accuracy, privacy, and availability of data. The master's thesis requires familiarization with the fields of Differential Privacy, Intelligent Transportation Systems, and the PRECIOSA project results based on available literature and material, followed by conceptual work that should extend our existing proposal. A proof-of-concept implementation should then allow some practical analysis of the feasibility and achievable data accuracy based on Floating Car Data captured in real experiments. There is the option to work on the thesis during an internship at NICTA in Sydney, Australia. Because of the need to apply for travel funding, this would require longer-term planning before starting the work.

IT Security


11.
Lukaseder, Thomas
Analysis of DDoS Attack Traffic and DDoS Mitigation Tests
Bachelor's thesis, Master's thesis
Institute of Distributed Systems,
2018
in preparation

Tags: AA, BA, MA, ThomasLukaseder, itsec, networks

Abstract: DDoS attacks are becoming increasingly relevant. A recent study found that 1/3 of all IPv4 addresses worldwide have been attacked in recent years. We are working on defending against DDoS attacks of all kinds. For this, it is essential to analyze what real attacks in production networks look like in order to assess how well our own mitigation methods work. This is to be investigated together with the company IsarNet from Munich. IsarNet develops the IsarFlow system for network traffic analysis based on NetFlow, which is used in many enterprise and provider networks. In this thesis, we want to use, analyze, and reproduce recordings of real attacks in order to test and improve our own system with realistic data.

10.
Mödinger, David
Evaluation of Threshold Cryptography for k-Anonymous Dining Cryptographer Networks
Bachelor's or Master's thesis
Institute of Distributed Systems,
2018
in preparation

Tags: ABSCHLUSSARBEIT Master Bachelor AA BA MA DavidMödinger networks privacy itsec

Abstract: Dining cryptographer networks offer a way to anonymously distribute a message to everyone in a group. However, this construction requires a very large number of messages and therefore produces a lot of overhead. To improve the efficiency of these networks, von Ahn et al. applied the concept of k-anonymity to them: smaller groups within the overall network limit the anonymity but produce significantly less overhead. To strengthen the k-anonymity guarantee, cryptography offers the concept of threshold cryptography: the message can only be decrypted if a sufficient number of users participate. The goal of this thesis is to investigate the implementation of this technique for k-DC networks.

9.
Kopp, Henning
Privacy guarantees of Bloom filters in Simple Payment Verification
Bachelor's thesis
Institute of Distributed Systems, Ulm University,
May 2017
in preparation

Tags: AA, BA, HenningKopp, distributed, itsec, privacy

Abstract: Simple payment verification is a protocol which allows thin clients such as smartphones to use Bitcoin without downloading the whole blockchain. The thin client continually asks a full node for incoming transactions. Since the thin client only wants to know its own transactions but does not want the full node to link those transactions to its identity, a Bloom filter is used. Thus, false positives are introduced and the full node does not learn the account balance of the thin client. Stealth addresses are another privacy mechanism for Bitcoin addresses. They enable a sender of a transaction to derive new ephemeral recipient keys. Currently, stealth addresses are not compatible with simple payment verification and cannot be used on thin clients. One proposal is to add a fuzzy identifier (e.g., the first few bits) of the recipient long-term key to the transactions. One goal of the thesis is to evaluate and compare the privacy properties of current wallets for thin clients. Further, the tradeoff between privacy and efficiency in how the fuzzy identifier for stealth addresses is chosen should be evaluated and practical parameters proposed. Maybe you can even come up with your own ideas for improving the privacy of thin clients.

8.
Kleber, Stephan and Kargl, Frank
Automation of Analysis Result Quality Assessment
Bachelor's or Master's thesis, Project
Institute of Distributed Systems, Ulm University,
2017
in preparation

Tags: AA, BA, MA, PROJEKT, StephanKleber, FrankKargl, itsec, networks

Abstract: For an effective evaluation of multiple inference methods for network messages with a representative set of network protocol traces, automation is required. To accomplish this, the tasks of this thesis are three-fold:
1. Generate test-case specimens by preprocessing and filtering selected network traces. An example of a possible metric to filter for is high field-type variance.
2. Evaluate the inference of the generated traces with the tools ReverX, Netzob, PRISMA, or even with an own implementation of known methods.
3. For the automated assessment of the result quality for all evaluated inference methods, dissectors, like those of Scapy or Wireshark, may be used for a quantifiable quality validation.
The scope for the evaluation is limited to message type and format, explicitly excluding the behavior model of the protocol.

7.
Kleber, Stephan and Kargl, Frank
Efficient Updating of a Network-Protocol-Model with Message-Format Refinements
Bachelor's or Master's thesis
Institute of Distributed Systems, Ulm University,
2017
in preparation

Tags: AA, BA, MA, StephanKleber, FrankKargl, itsec, networks

Abstract: Security assessments of networked systems require knowledge about the utilized communication protocol. For proprietary protocols without known specification and with only limited access to the end-points, the only source of information is the communication itself. To correctly derive message formats, message types, and finally a protocol model from the captured byte stream, the structure, message and field boundaries, data types, and semantics need to be inferred. After an initial inference procedure, it is desirable to refine the existing protocol model. Additional information gained from recorded network traffic needs to be incorporated by recognizing the appropriate parts of the model. The modeled knowledge is to be extended depending on the applicable information inferable from the new trace.

6.
Kleber, Stephan and Kargl, Frank
Test-Case-Generation Strategies for Network-Protocol-Model Refinements
Bachelor's or Master's thesis
Institute of Distributed Systems, Ulm University,
2017
in preparation

Tags: AA, BA, MA, StephanKleber, FrankKargl, itsec, networks

Abstract: Security assessments of networked systems require knowledge about the utilized communication protocol. For proprietary protocols without known specification and with only limited access to the end-points, the only source of information is the communication itself. To correctly derive message formats, message types, and finally a protocol model from the captured byte stream, the structure, message and field boundaries, data types, and semantics need to be inferred. After an initial inference procedure, it is desirable to refine the existing protocol model. Actively probing an entity for the validity of message syntaxes makes it possible to enhance the knowledge about the protocol in a targeted way. To do this efficiently, a smart method of automatically generating test cases depending on the current protocol model needs to be developed.

5.
Lukaseder, Thomas
High-Speed SDN-assisted DDoS-Mitigation
Bachelor's thesis, Master's thesis, project
Institute of Distributed Systems,
2017
in preparation

Tags: AA, BA, MA, ThomasLukaseder, distributed, itsec, networks

Abstract: We are working on a framework to mitigate DDoS attacks in high-speed networks. The framework uses software-defined networking to mitigate attacks. There are different areas of the system still under development and therefore different open theses or master project topics. Areas currently under development: Distribution of the current infrastructure, measurements of real-life networks to improve the data basis for attack mitigation, extending the system to mitigate a wider variety of attacks, and improving scalability of the system. There are open topics in all of these areas.

4.
Lukaseder, Thomas
Performance Measurements of Security Devices in High-Speed Networks
Bachelor's thesis, Master's thesis, project
Institute of Distributed Systems,
2017
in preparation

Tags: AA, BA, MA, Project, ThomasLukaseder, itsec, networks

Abstract: Security devices in networks such as firewalls or intrusion detection systems need to be evaluated concerning throughput, precision, and reliability before using them in production networks. We are working on different aspects of performance measurements of security devices: Performance evaluation of firewalls or IDS, building a network testing framework for evaluations. There are open topics in all of these areas.

3.
Lukaseder, Thomas
Hardware Support for Intrusion Detection Systems
Bachelor's thesis, Master's thesis, project
Institute of Distributed Systems,
2017
in preparation

Tags: AA, BA, MA, Project, ThomasLukaseder, itsec, networks

Abstract: The ever-increasing network bandwidth causes intrusion detection mechanisms to reach the limits of their capacity. Thus, new and improved implementations for security mechanisms are urgently required. Hardware support is one way to increase the performance of IDS. One of the bottlenecks of high-speed data analysis is regular expression matching. We are currently examining two possible hardware support solutions to offload the regular expression matching to hardware modules: an FPGA-based co-processor (extending and evaluating an existing prototype) and offloading regular expression matching to GPUs. There are open topics in both areas.

2.
Kleber, Stephan and Kargl, Frank
Evaluation and Enhancement of the Dynamic Network Traffic Analysis Framework "ReFuzz"
Bachelor's thesis
Institute of Distributed Systems, Ulm University,
2017
in preparation

Tags: AA, BA, PROJEKT, StephanKleber, FrankKargl, itsec, networks

Abstract: A previous project implemented the dynamic network traffic analysis framework "ReFuzz". It allows analyzing unknown network protocols without having access to an endpoint implementation. For this framework, first, an evaluation of the efficacy and efficiency of the method shall be performed for the use case of protocol reverse engineering. Therefore, suitable protocol specimens should be selected and metrics for the evaluation created from them. Measurements shall show the utility of ReFuzz for the use case of protocol reverse engineering in general.

1.
Kopp, Henning
Hashing into elliptic curves
Institute of Distributed Systems, Ulm University,
2016
in preparation

Tags: AA, MA, HenningKopp, FrankKargl, itsec

Abstract: Cryptographic hash functions are functions which compress an arbitrarily large (finite) input into a fixed finite set. They can serve as the fingerprint of a file, since it is computationally difficult to find two inputs which yield the same hash value. Recently, numerous cryptographic constructions have appeared which require a hash function that maps into an elliptic curve. This is a fairly recent development and has not yet been thoroughly researched. There are some candidate constructions, but without performance measurements. The goal of the thesis is to compare the security properties of the schemes, as well as to measure their performance. Maybe you can even come up with your own scheme for hashing into elliptic curves, which you will get time to investigate.

Fault Tolerance


No references have been found.

Cloud Computing


No references have been found.

Multimedia Communication


No references have been found.

Further Topics


1.
Mehdi, Muntazir
Controlled Neurofeedback using Mobile EEG and Smartphone
Master's thesis
Institute of Distributed Systems,
2018
in preparation

Tags: ABSCHLUSSARBEIT, THESIS, Master, AA, MA, MuntazirMehdi, mobile, misc

Abstract: Neurofeedback provides the necessary means to visualize selected and controlled parameters of brain activity. In the healthcare domain, neurofeedback studies enable mitigation of many psychological disorders and illnesses, mainly through therapies that help patients to better self-regulate their brain activity. Electroencephalography (EEG) is the method of monitoring the electrical activity of the brain, thus providing the necessary feedback. In this thesis work, the student is required to survey the current state of frameworks, techniques, or methods that enable coupling of mobile EEGs with smartphones. Bluetooth 2.1 with Enhanced Data Rate (EDR) capability is one of the most effective means of coupling EEGs with smartphones. The student would therefore be required to work on the Bluetooth stack to acquire real-time data generated from the mobile EEGs, parse the electrical signal, and visualize the signal semantically. For successful completion of the thesis, the student would be required to identify and address any one of the open challenges faced by the proposed topic. An example of this can be addressing the bandwidth challenges, battery consumption, or signal accuracy.