Offene Abschlussarbeiten

The alps see a surge of trail parks being built. These trails include frequent turns and jumps which are often ridden at high speeds. If bikes block the trail due to a stop or accident, limited line-of-sight can lead to collisions and severe accidents when following bikes crash into the blocking bike. With this work, we want to investigate if V2X communication can provide blocked trail warnings to approaching bikes so that riders can reduce their speed and avoid accidents. For this, a number of technologies that have been developed for collision warning in automotive and street-based scenarios need to be investigated, adapted, and tested for suitability. This includes the V2X communication module and antenna, that need to be adjusted to fit into a bike. Communication ranges and reliability have to be tested in realistic outdoor settings. Second, it needs to be reliably determined whether a bike actually blocks a trail or whether the rider just stopped next to it. For this purpose, GPS accuracy alone is insufficient and might have to coupled with crash detection using motion sensors or camera-based image recognition to detect whether a bike blocks a trail or not. Last but not least, a suitable user interface has to be developed and tested that allows to warn approaching drivers in a reliable and intuitive way which works even during trail rides. The envisioned thesis or project can address one or multiple of these challenges, multiple students could also collaborate on the topic. The project is collaboration between Ulm University and University of Trento. After prototype development, field tests in the Alps in South Tyrolia / Alto Adige are planned.

In the future, vehicles will be able to exchange information with each other and with infrastructure. In this way, applications for Cooperative, Connected and Automated Mobility (CCAM) such as Cooperative Intersection Management (CIM) can be realised. Since these applications are safety-critical, it is important for the application to evaluate the trustworthiness of the data provided by other entities before using them. How trustworthy the data are can be specified by the sender of the message. The structure of the messages is specified by ETSI (European Telecommunications Standards Institute). However, the current standard does not yet include trust opinions. Therefore, in this thesis/project, you will come up with a format for ETSI messages (e.g. CAMs) in which trust opinions for the provided data can be included. In the second step, you will implement your message format in a traffic and network simulation tool. Finally, you will compare the performance of the extended ETSI messages to standard ETSI message format based on certain performance metrics.

Subjective Logic (SL) is a mathematical framework for reasoning under uncertainty. It is useful for expressing opinions on how reliable information is (so-called Trust Opinions) and performing computations on these opinions. At our institute, we research applications of SL in the automotive domain, e.g. to express trust in data received from a sensor or from other vehicles. Current implementations of SL internally use floating-point arithmetic (IEEE 754) for performing calculations. However, IEEE 754 floating-point numbers are prone to introducing rounding errors. In safety-critical domains, failing to account for such errors might lead to catastrophic consequences. In this thesis/project, you will investigate the potential impact of floating-point errors in SL calculations and develop strategies to minimise it. You can choose your approach freely: whether you work theoretically (e.g. through a detailed study of literature) or practically (e.g. through implementing a test environment and explaining the observed effects) is up to you.

In the future, vehicles will exchange information regarding the current traffic situation and planned maneuvers. While this has the potential to improve safety and fuel efficiency though cooperative driving, it opens up a novel attack vector: malicious actors might inject incorrect information, which could lead to accidents and thus poses a serious threat to safety. One approach to mitigate such attacks makes use of Subjective Trust Networks: vehicles form Trust Opinions on other vehicles, which are expressed using Subjective Logic and stored in a graph structure. Different vehicles can merge their Trust Networks in order to gain a more complete picture of the trustworthiness of their communication partners and make more informed decisions. However, privacy and safety considerations forbid that different vehicles simply exchange their trust networks. This thesis/project should investigate the feasibility of merging an evaluating Subjective Trust Networks using Secure Multiparty Computation (SMPC). For this, it is first necessary to precisely define the task at hand: Which calculations must be performed under SMPC in order to protect confidential information? Which information cannot be protected? Second, a prototype for an example scenario in which vehicles merge and evaluate their trust Networks should be implemented using a suitable framework for SMPC. Third, benchmarks should be performed that show the (non-)applicability of SMPC for the described use-case.

In traditional password-based authentication schemes, users can typically recover a forgotten password using their email address or remembered security questions. This only works because a centralized service provider has the authority to simply overwrite the user's password. However, traditional recovery techniques are impractical for decentralized and privacy-preserving protocols, which often rely on the user having a private key that is unknown to the service. Various approaches have been proposed in the past to address this challenge, such as physically printing the key and storing it in a secure location (e.g., the user's sock drawer), or deriving the key from a user-defined password or generated mnemonic phrase. This thesis should provide an overview of key recovery mechanisms and compare them to each other. To evaluate the practicality of these mechanisms and their suitability for different user demographics, a user study should be designed and conducted.

Abstract: Policy Languages such as XACML or ALFA are well-known and well-defined in the area of access control. With Zero Trust Service Function Chaining (ZTSFC) [https://journal.ub.tu-berlin.de/eceasst/article/view/1138], an advanced Zero Trust (ZT) architecture, new requirements came up for such Policy Languages. The goal of the thesis is to set up a list of this requirements, to identify missing features in existing policy languages. Based on this, the most promising policy language is to be extended by this missing features.

An autonomous vehicle is equipped with a variety of sensors that produce large quantites of data which the vehicle uses to run a lot of different safety-critical functions, such as Cooperative Adaptive Cruise Control or Park Assist. In this thesis, we focus on the trust between the vehicle computer and other in-vehicle components that it relies upon to provide non-compromised data as input to different safety-critical functions. The goal of the thesis is to build a tool that will automate building of in-vehicular trust models based on a system model of a vehicle. A system model of a simplified vehicle will first need to be built by using the System Modeling Language (SysML). This model will serve as an input to the automation tool that needs to output a trust model in form of a Subjective Trust Network. The methodology for building such trust models within the framework of Subjective Logic will be provided.

Service Function Chaining (SFC) is a technice to steer traffic through specific network services. To proof that the traffic was actually forwarded through the specified services, a Proof Of Transit (PoT) is used. In this project, different PoT approaches are compared and the most promising solution implemented in a HTTPS-based SFC environment.

Security assessments of networked systems require knowledge about the utilized communication protocol. For proprietary protocols without known specification and with only limited access to the end-points, the only source of information is the communication itself. To correctly conclude from the captured byte stream to message-formats, -types, and finally a protocol model, structure, message- and field-boundaries, data-type, and semantics need to be inferred. After an initial inference procedure, it is desirable to refine the existing protocol model. Actively probing an entity for the validity of message syntaxes allows to targetedly enhance the knowledge about the protocol. To do this efficiently a smart method of automatically generating test-cases depending on the current protocol model needs to be developed.