Theses

The project concept “AI-based analysis and utilization of physical signal parameters for securing smart home systems” involves researching and prototypically developing the so-called “Physical-Guards” approach. This contributes to the research area of “Physical Layer Security” by adapting and further developing the state of science and technology from the fields of IT security and data science/machine learning. The foundation for the research approach is the exploitation of physical parameters (e.g., local signal strength) of wireless communication in smart homes to a) detect attacks on the smart home infrastructure, b) secure the integrity of signals, and c) ensure the confidentiality of security-critical information. Compared to or in conjunction with other IT security measures, Physical-Guards technology promises the following advantages: the physical properties of communication signals are subject to laws of nature. Considering these properties through security infrastructure makes many attack strategies impossible or significantly more difficult. Additionally, security concepts based on the physical layer have the advantage that in smart homes, the large heterogeneity of standards and communication protocols at higher layers does not limit the deployability of security technology due to technical incompatibilities with IoT devices. The project consortium consisting of the University of Mannheim (specifically the two research groups Dependable Systems Engineering (IT security) and Institute for Enterprise Systems (AI/Machine Learning)) as well as the medium-sized industrial technology partners M2M Germany and osapiens.

Goals or topics of a possible thesis could be:

1. detect attacks on the smart home infrastructure,
2. secure the integrity of signals, and/or
3. ensure the confidentiality of security-critical information.

As these areas are rather broad, a potential thesis topic will be a subset of the above stated.

For further details, questions and/or proposals of your own ideas connected with the descripted project, please feel free to contact Yves T. Staudenmaier.

This is a more or less generic topic open to anyone who wants to void some warranties of their Internet of Things (IoT) Device(s) to either simply see how things work under the hood or even trying to get IoT Device(s) to do things not designed for in the first place.

If you already have an IoT Device, bring it, or maybe you have a favorite IoT Device you would like to analyze. Either way, contact Christian Müller to discuss the details.

Description:
CrypTool 2 is an open-source program that allows you to try out various cryptographic methods. CrypTool 2 provides a visual programming interface which easily can be used to integrate and manipulate cryptographic functions into workflows. More specifically, the individual cryptographic methods are implemented by so-called plug-ins, which are represented by individual graphical objects. These can be combined with drag & drop on the graphical user interface. This approach makes it easy to visualise complex processes and thus to understand them better.

Goal: 
Several existing cryptographic methods are to be implemented so that they can be officially recorded in CrypTool 2. This also includes the creation of documentation, the clean structuring and commenting of the source code, etc. The exact selection of the topics to be implemented is discussed with the student and the CrypTool 2 team.

Contact person: Frederik Armknecht

Privacy-Preserving Record-Linkage (PPRL) techniques have been developed to link persons  without violating their privacy. However, a recently proposed graph matching attack on PPRL based on graph similarities seems to allow individuals' re-identification from encoded database. Therefore, the graph matching attack is widely considered a serious threat to many PPRL-approaches.
A match-key is created by putting together pieces of information to create unique keys that are then hashed and used for automated matching, with the intention of eliminating some of the errors that might otherwise prevent an automated match (in cases where there is a discrepancy in one or more of the matching variables). For example, a match-key might be constructed from the first three characters of an individual’s forename and surname, combined with their date of birth, sex and postcode district. The match-key based PPRL techniques are widely used in practice, usage of such techniques including but not limited to the Office for National Statistics (ONS) of the UK and the Federal Statistical Office of Germany. However, the potential vulnerabilities of the match-key based PPRL techniques have not been exposed. Specifically, the impact of graph matching attacks on match-key based PPRL techniques are not fully researched.
Goal:
A variant of match-key approach called Derive and Conquer method was devised by the ONS and used in practice. The goal is to first implement PPRL using Derive and Conquer method, and then
implement the graph matching attack on such scheme using real/synthetic databases.

Contact person: Youzhe Heng

After agreeing on a topic, we discuss the expected content and agree on a preliminary structure, usually in the form of a table of contents. This may serve you as a guide while writing your thesis.

Before you can start working on your thesis, we need additional information for the official thesis registration. The required information consists of

• Your full name
• Your matriculation number
• Your address
• Your pursued degree
• Your study program
• The language of writing (i.e. English or German)

The deadline for submitting your thesis is set with registration and depends on the type of thesis and your examination regulations – usually, you have three months for working on a Bachelor's thesis and six months for a Master's thesis.

Unlike other assessments, a thesis can be started flexibly during a semester irrespective of lecture or examination periods.

It is your responsibility to organize and manage the time available for writing your thesis. Formally, you are not required to keep your supervisor(s) up to date. However, we recommend contacting your supervisor(s) regularly as it helps you to stay on track and to tackle potentially emerging problems early on. Discuss your preferred style of supervision with your supervisor(s).

You have to submit your thesis no later than the deadline as defined by the registration. As per most examination regulations, you are required to hand in two printed copies including a signed affidavit (cf. your examination regulation for the exact wording), and a digital copy, preferably as a PDF file. You should send the digital version directly to your supervisor(s). Consider using duplex printing for the two hard copies with a binding of your choice.

Depending on your examination regulations, you may have to present your thesis in form of a talk. However, even if you are not obliged to, we encourage everyone to seize this opportunity as you can strengthen your presentation skills, especially when presenting scientific work to an academic and diverse audience. Such a talk should take about 30 minutes and include five minutes for questions from the audience. Please note that any voluntarily given talk will not be graded.