top of page


01 - Bring your own Bug



The new paradigm of "Bring Your Own Device" (BYOD), which is intended to enable and encourage the use of private devices in the work environment, brings with it its own class of security risks. These arise from the fact that employers generally cannot or are not allowed to prescribe in detail to their employees what they may or must install on their devices (e.g., smartphones).The above scenario involves the risk that employees will introduce powerful devices that are constantly connected to the Internet and equipped with a wide range of sensors into sensitive company contexts. In addition to the case of a deliberate insider attack by an employee, there is also the external attacker: Here it is conceivable that, without an employee's knowledge, his or her smartphone is compromised by malware.


What is this Thesis about?

In this work, we will investigate how realistic and simple a possible attack can look. The initial situation for our attack concerns almost everyone who puts their smartphone on the desk next to the keyboard (e.g., to charge the battery). Specifically, we want to find out whether passwords entered in such a case can be reconstructed by means of sensors (microphone, accelerometer, ...) (keyboard-, user-, desk- and environment-independent).


MaThe, BaThe, PhD


Within the project "Efficient key management for more security in the 'Internet of Things'", PROPHYLAXE for short, an alternative concept for key generation is to be applied to "Internet of Things" scenarios, which is particularly suitable for small embedded nodes. The essential question in practice is always: How can ALICE and BOB agree on such a secret without EVE also learning the key? The basic principle of the PROPHYLAXE method is the following: If ALICE and BOB measure their common channel almost simultaneously, its transmission parameters (e.g., effective signal strength) will be strongly correlated for both parties-this is called reciprocity. Since the transmission parameters are affected by the channel's environment (e.g., signal reflections, refractions, interferences, interference, etc.), they cannot be predicted and behave as if randomly. As a consequence, the measurement of the channel in ALICE and BOB generates a series of random numbers that are very similar.

prophylaxe (2).png

What is this Thesis about?

We are looking for different Master and Bachelor theses for this topic.

MaThe prototype: As part of a master's thesis, you would extend miniature systems that communicate via Bluetooth- or ZigBee-based with our approach. Thus, highly current Internet-of-Things applications (Smart Home, Industry 4.0, ...) can be addressed.

MaThe protocol: PHYSEC is a completely new symmetric primitive. With PHYSEC we are for the first time able to realize a dynamic SYMMERIC key management! There are no protocols for this yet (possibly comparable with PKI approaches or Kerberos). In the context of a master thesis new protocol approaches are to be developed and implemented into an OpenSource-SmartHome-Server.

BaThe Experimental security analysis: In order to make the key generation attack-proof, we naturally also take care of the exciting task of how the system can be compromised. Here, you could cover parts of the security analysis as part of a thesis. As part of the bachelor thesis, you would set up a PHYSEC contest. Based on passive attackers, the contest would ask all interested security experts to evaluate our system. - A second thesis would involve active channel manipulation attacks.

03 - Location-based Group-Key Extraction from the Sky

MaThe or challenging BaThe


Location or proximity based key establishment enables security that is intuitive and easy to understand. For example, it would be nice to provide all cars within a given environment with a group key for privacy-preserving/anonymous communication. However, using state-of-the-art approaches, such as, pseudonym certificates, are insufficient and new solutions are urgently needed for C2C/C2X-communication.

What is this Thesis about?

We propose a group key extraction mechanism that is based on time/space-complexity. Specifically we use the random time/space behavior of the ionosphere (we start with the one of our earth) to generate vicinity-based key material. We have developed a first ionosphere measurement setup utilizing signals from GPS-satellites. The setup is based on GNU-radio [1] and GNSS-SDR [2]. We are searching for a Master (or highly motivated Bachelor) student who is interested in wireless systems and software-defined radios. You need to be able to program C (maybe also C++) and Python.

bottom of page