Open Theses

21 Entries found


There is an increasing number of applications and technical systems in which the physical presence of one device unlocks a certain functionality of another device. Prominent examples include touchless access systems, wireless payment services, and localization services. Touchless access systems, for instance, unlock doors merely by means of the physical presence of a wireless token. Many of such systems are based on the assumption that the presence of a wireless signal proofs the proximity of the respective communication device. This assumption may seem plausible at a first glance due to the limited range of electromagnetic waves. However, several such systems have been shown to be vulnerable to relay attacks [1 - 4], in which a man-in-the-middle (MITM) attacker extends the range of the wireless signal between two trusted devices in both directions in order to unlock the functionality of one device (e.g., opening the car) without the physical presence of the other device (e.g., the car key).
The goal of this project is to implement a secure protocol on software-defined radios that effectively prevents relay attacks between two devices. The protocol shall be implemented on software-defined radios in real-time operation. The envisioned technique makes use of hyperbolic multilateration based on time difference of arrival (TDoA) and works for scenarios in which the blind node is trustable and actively participates in the protocol. As opposed to previous work in our group that was based on differential time difference of arrival (DTDoA), this project is going to rely on antenna synchronization at the terminal, and the ability to synchronize the blind node via synchronization frames. This will essentially allow to use the phase as an additional measure besides timestamps for precise TDoA estimation.

[3] A. Francillon, B. Danev, and S. Capkun. “Relay Attacks on Passive Keyless Entry and Start Systems in Modern Cars.” In: Network & Distributed System Security. NDSS. The Internet Society, Feb. 2011. [Online]
[4] R. Silberschneider, T. Korak, and M. Hutter. “Access Without Permission: A Practical RFID Relay Attack.” In: Austrochip 2013, 21st Austrian Workshop on Microelectronics, Linz, Austria, October 10, 2013, pp. 59–64.[Online]

Carrier-sense multiple access (CSMA)-type random access algorithms and their variants such as the queue-length based CSMA (Q-CSMA) [1] are widely adopted in the ad-hoc wireless networking community. Their performance with respect to various metrics, such as throughput and delay have been studied in the literature under different sets of assumptions. Some of these link scheduling algorithms or medium access control (MAC) algorithms have been shown to possess good theoretical guarantees such as throughput optimality. However, there is a need for scheduling algorithms that optimize a combination of two or more performance metrics. An example would be to optimize delay while keeping the queue lengths below a pre-specified threshold. The objective of this master thesis is to design scheduling algorithms to enhance the performance of wireless multi-hop networks based on machine learning techniques. A possible approach to solve this problem in a decentralised fashion is to formulate a suitable decentralised partially observable Markov decision process (Dec-POMDP). Since solving a Dec-POMDP is computationally infeasible for large state spaces, an important aspect of the master thesis will be to devise an approximate solution method for the associated Dec-POMDP tailored to the wireless multi-hop networking setup. The thesis will be supervised by Wasiur Rahman Khuda Bukhsh from the Bioinspired Communication Systems Lab and co-supervised by Robin Klose from the Secure Mobile Networking Lab, department of Computer Science, Technische Universität Darmstadt. The candidate will get an opportunity to test his/her ideas on full-stack simulation environments. Good programming skills are a prerequisite. The candidate is expected to be familiar with Markov chains. Willingness to learn some machine learning topics as and when required is also necessary for this project.

Contact person: Wasiur Rahman Khuda Bukhsh

[1] J. Ni, B. Tan, R. Srikant, Q-CSMA: Queue-Length-Based CSMA/CA Algorithms for Achieving Maximum Throughput and Low Delay in Wireless Networks, IEEE/ACM Transactions on Networking, 10.1109/TNET.2011.2177101, 2012.
[2] M. Abu Alsheikh, D. T. Hoang, D. Niyato, H. P. Tan, S. Lin, Markov Decision Processes With Applications in Wireless Sensor Networks: A Survey, IEEE Communications Surveys Tutorials, 10.1109/COMST.2015.2420686, 2015.

Rapid Prototyping of Real-Time Wi-Fi on SDRs

Bachelor Thesis, Master Thesis, Project

Rapid prototyping allows to evaluate the system performance in an early stage of development under highly realistic conditions. The goal of this project is to build a real-time Wi-Fi design on the FPGA of a USRP N210 [1] software-defined radio (SDR) with Matlab/Simulink and other tools. This work should essentially serve as a rapid prototyping framework that automates much of the design process when shifting innovative Wi-Fi designs in Matlab to practical real-time implementations on SDRs.

Beam-steering is the backbone of millimeter-wave (mm-wave) networks and key to achieve data-rates of multiple gigabit per second. Nodes must steer their antennas so that they maximize the signal gain towards the intended communication partner. In large networks with dense deployments, nodes should also encounter for interference with concurrent communication of other nodes to not impair other communication links. 

Comparing Wi-Fi FullMAC and SoftMAC Implementations on the same Hardware

Bachelor Thesis, Master Thesis, Diploma Thesis, Student Research Project

In this thesis, you may interface a FullMAC Broadcom Wi-Fi chip using a SoftMAC driver to bypass the internal firmware and gain flexibility of modifying the chips behaviour. The chip may be a BCM4358 installed in Nexus 6P smartphones. Having a SoftMAC implementation, you should evaluate its performance against a FullMAC implementation by concidering processing delays and energy consumption.

Implementing an LLVM backend for Broadcom's D11 core

Bachelor Thesis, Master Thesis, Diploma Thesis, Student Research Project

TETRA Security

Bachelor Thesis, Master Thesis, Diploma Thesis

We have a basic fuzzing framework for a digital trunked radio protocol, TETRA, which is used by public services. First tests showed that devices implementing this protocol have severe security issues, for example, freezing and rebooting devices with minor packet modifications is possible. Since this technology is used by emergency services and big companies, these security issues are very critical, and hence need to be revealed and fixed.

Prof. Dr.-Ing. Matthias Hollick

Technische Universität Darmstadt
Department of Computer Science
Secure Mobile Networking Lab 

Mornewegstr. 32 (S4/14)
64293 Darmstadt, Germany

Phone: +49 6151 16-25472
Fax: +49 6151 16-25471

A A A | Drucken Drucken | Impressum Impressum | Sitemap Sitemap | Suche Suche | Kontakt Kontakt | Webseitenanalyse: Mehr Informationen
zum Seitenanfangzum Seitenanfang