We are pleased that you are interested in writing your thesis with us. We cover theoretical and practical fields as well as any combination thereof. Similar approaches, organizational regulations, and framework conditions apply to each thesis.

First of all, you should consider which subject areas you are most interested in or which suite you best. Then, you should select at least two topics that you would consider as a thesis topic. An irregularly updated and incomplete list of topics can be found below. Nonetheless, we can also discuss your own idea for a topic. Feel free to contact a chair member by e-mail anytime.

You should send us an e-mail with your preferred topics and shortly state your interest in these topics, which is further strengthened by highlighting your experience in the respective field. We would then discuss the potential topic with you, preferably during a (virtual) personal meeting, to make sure the topic is appropriate for the pursued degree and in line with our area of expertise.

  • Open Topics


    All topics available in FSS 2022 and HWS 2022/23 have been assigned. Please try again next semester.

    Bitcoin and similar cryptocurrencies are a great opportunity for research. Possible topics include:

    • Learning vector respresentations of blockchain entities
    • Forensic analysis of cryptocurrency services
      Many crytocurrency services, like exchanges, marketplaces, casinos etc., leave distinctive transaction patterns on the blockchain. Your task would be to identify such patterns in order to gain insights on the operations of these services.
    • Development of a cryptocurrency forensics tool
      Your task would be to design and implement the prototype of a cryptocurrency forensics tool. The tool should provide a GUI allowing users to look up Bitcoin addresses, as well as a convenient way of addig new identified addresses to the underlying database.

    If you're interested in writing a thesis on one of these topics or you want to discuss your own research idea, just contact Jochen Schäfer.

    Machine Learning Security

    All topics available in FSS 2022 and HWS 2022/23 have been assigned. Please try again next semester.

    In the context of security research, machine learning can be seen from two angles: Either as a possible target or as a tool for carrying out/defending against attacks. For example, there has been research in the following areas:

    • Attacks on Machine Learning
      • Data Extraction: Recovering training data from a trained model
      • Model Extraction: Recovering model parameters from a trained model
      • Data Poisoning: Injecting malicious traning data to manipulate the classifier
    • ML Applications in Security Research
      • Code/Instruction embeddings for malware classification
      • Identifying code authors based on coding style

    If one of these topics sparks your interest, or if you have an idea on your own, just contact Jochen Schäfer. Please note that you should have some prior experience in the ML domain, particularly with the models you intend to use.

    Analyzing The IoT Or IoT Devices

    This is a more or less generic topic open to anyone who wants to void some warranties of their Internet of Things (IoT) Device(s) to either simply see how things work under the hood or even trying to get IoT Device(s) to do things not designed for in the first place.

    If you already have an IoT Device, bring it, or maybe you have a favorite IoT Device you would like to analyze. Either way, contact Christian Müller to discuss the details.

    Implementations for CrypTool 2

    CrypTool 2 is an open-source program that allows you to try out various cryptographic methods. CrypTool 2 provides a visual programming interface which easily can be used to integrate and manipulate cryptographic functions into workflows. More specifically, the individual cryptographic methods are implemented by so-called plug-ins, which are represented by individual graphical objects. These can be combined with drag & drop on the graphical user interface. This approach makes it easy to visualise complex processes and thus to understand them better.

    Several existing cryptographic methods are to be implemented so that they can be officially recorded in CrypTool 2. This also includes the creation of documentation, the clean structuring and commenting of the source code, etc. The exact selection of the topics to be implemented is discussed with the student and the CrypTool 2 team.

    Contact person: Frederik Armknecht

    Graph Matching Attacks on Match Key based PPRL techniques

    Privacy-Preserving Record-Linkage (PPRL) techniques have been developed to link persons  without violating their privacy. However, a recently proposed graph matching attack on PPRL based on graph similarities seems to allow individuals' re-identification from encoded database. Therefore, the graph matching attack is widely considered a serious threat to many PPRL-approaches.
    A match-key is created by putting together pieces of information to create unique keys that are then hashed and used for automated matching, with the intention of eliminating some of the errors that might otherwise prevent an automated match (in cases where there is a discrepancy in one or more of the matching variables). For example, a match-key might be constructed from the first three characters of an individual’s forename and surname, combined with their date of birth, sex and postcode district. The match-key based PPRL techniques are widely used in practice, usage of such techniques including but not limited to the Office for National Statistics (ONS) of the UK and the Federal Statistical Office of Germany. However, the potential vulnerabilities of the match-key based PPRL techniques have not been exposed. Specifically, the impact of graph matching attacks on match-key based PPRL techniques are not fully researched.
    A variant of match-key approach called Derive and Conquer method was devised by the ONS and used in practice. The goal is to first implement PPRL using Derive and Conquer method, and then
    implement the graph matching attack on such scheme using real/synthetic databases.

    Contact person: Youzhe Heng

  • Registration

    After agreeing on a topic, we discuss the expected content and agree on a preliminary structure, usually in the form of a table of contents. This may serve you as a guide while writing your thesis.

    Before you can start working on your thesis, we need additional information for the official thesis registration. The required information consists of

    • Your full name
    • Your matriculation number
    • Your address
    • Your pursued degree
    • Your study program
    • The language of writing (i.e. English or German)

    The deadline for submitting your thesis is set with registration and depends on the type of thesis and your examination regulations – usually, you have three months for working on a Bachelor's thesis and six months for a Master's thesis.

    Unlike other assessments, a thesis can be started flexibly during a semester irrespective of lecture or examination periods.

  • Form

    In general, we are much more interested in content than in form. You should be able to write down the content in a precise but detailed way and use a scientific writing style. You are free to write your thesis using LaTeX, Word, or any other program. However, we recommend the use of LaTeX.

    Font, font size, line spacing, margins and the like should be reasonable. As a rough guideline, we expect 30 pages for a Bachelor's thesis and 60 pages for a Master's thesis, however, this is not definitive. Depending on the topic, including screenshots, graphics, and source code (snippets) can be beneficial, possibly resulting in a higher total number of pages.

  • Supervision

    It is your responsibility to organize and manage the time available for writing your thesis. Formally, you are not required to keep your supervisor(s) up to date. However, we recommend contacting your supervisor(s) regularly as it helps you to stay on track and to tackle potentially emerging problems early on. Discuss your preferred style of supervision with your supervisor(s).

  • Submission

    You have to submit your thesis no later than the deadline as defined by the registration. As per most examination regulations, you are required to hand in two printed copies including a signed affidavit (cf. your examination regulation for the exact wording), and a digital copy, preferably as a PDF file. You should send the digital version directly to your supervisor(s). Consider using duplex printing for the two hard copies with a binding of your choice.

  • Talk

    Depending on your examination regulations, you may have to present your thesis in form of a talk. However, even if you are not obliged to, we encourage everyone to seize this opportunity as you can strengthen your presentation skills, especially when presenting scientific work to an academic and diverse audience. Such a talk should take about 30 minutes and include five minutes for questions from the audience. Please note that any voluntarily given talk will not be graded.