Main Research Areas for Bachelor / Master Theses and Practical Projects

In the following you will find the main research areas for which we offer bachelor and master theses as well as practical projects (individual / group projects) and seminars. For a specific topic and questions about the research areas, please contact the appropriate contact person.

Development of a Cyber Threat Intelligence-Oriented Fusion Cell Concept in the Context of Cyber Attacks on Critical Infrastructure

The importance of Cyber Threat Intelligence (CTI) keeps growing in view of the rising cyber threat level. CTI can supply useful information for cyber defense operations and, when shared in a targeted way, offer great added value to the entire cyber-security community. At present there are only rudimentary approaches to sharing CTI information; MISP and OpenCTI are well-known examples. However, these tools are not used to their full extent; the processes for using them are simply not adapted to the current threat landscape and the IT security infrastructure of the organizations.

In this thesis, a process is to be developed that carries the information from a cyber attack on a critical infrastructure (KRITIS) from the lowest tactical level up to the strategic level and ensures that there are simple ways of sharing it with other friendly blue teams.

Concretely, the information from a cyber attack on a KRITIS includes elements such as the hash of a piece of malware, the IP address from which a DoS attack originated, or a suspicious user account that is created in the system and used by the attackers. By sharing this information, the other blue teams can, on the one hand, mitigate these attack vectors directly, so that those teams do not suffer exactly the same attacks. On the other hand, attribution of Advanced Persistent Threats (APTs) also becomes possible by capturing and analyzing the Tactics, Techniques and Procedures (TTPs). To this end, it must be investigated which scientific method is best suited for this (which information offers added value to a blue team for which cyber attacks, and which tools can cover the requirements).

The resulting concept is to be evaluated in practice in at least one of the two exercises (Locked Shields 25 in April or CyberFlag 25 in May) by means of a purpose-built prototype (e.g. in the form of a web application) that presents the concept in a user-friendly way, as well as through expert interviews and surveys. Processes already developed in the two exercises named above, as well as related work in the field of CTI, are available as a basis.


Prerequisites:

  • Willingness to conduct the research work in English
  • Ü2 security clearance (or willingness to initiate it)
  • Interest in human-centered research (human-computer interaction, usable security)
  • Ability to work independently
  • Creative and problem-oriented thinking
  • Knowledge of basic empirical research methods (e.g. interviews, surveys) and analysis methods (e.g. thematic analysis) is helpful
  • Basic programming skills

 

General conditions:

  • 01.02.2025 – 31.07.2025
  • Predominantly remote with weekly meetings, and with on-site portions at the ZCSBw in Euskirchen and at least one of the two exercises named above

Contact:

Alexander Nußbaum

Security-Behavior Enhancing User Interfaces

The rapid development of digital technologies and the increasing threat to cybersecurity have led to a growing need for innovative security solutions in public spaces. An example of user interfaces that can enhance security behavior are Public Security User Interfaces. These are interfaces positioned in shared, non-personal areas, providing information or interactions on security-relevant topics. These interfaces play a crucial role in delivering security information, creating awareness, triggering actions and sparking conversations to promote secure behavior. The primary goal of this research is to explore the design, implementation, and impact of Public Security User Interfaces, to facilitate users' transition from cybersecurity awareness to habitual secure behavior.

Thesis topics in this area include:

  • Behavioral analysis of user interaction with Public Security User Interfaces
  • Personalization strategies to support secure behavior
  • Content selection and dynamic adaptation to target audiences and contextual factors

 

Recommended knowledge and interests:

  • Knowledge in Human-Computer Interaction
  • Knowledge in Usable Security and Privacy
  • Interest in Public Displays
  • Interest in conducting a thorough literature review
  • Independent thinking and creative problem solving

 

Contact:

Doruntina Murtezaj

Social Engineering

Cybercrime currently causes global economic damage amounting to several trillion euros (Germany 2018: approx. 100 billion euros). According to expert analyses, in up to 90% of cases this damage is a direct or indirect result of attacks that focus on humans. Here, attackers exploit authority, fear, curiosity or helpfulness with the aim of manipulating their victims to obtain sensitive data. Examples include phone calls to obtain user credentials, emails containing attachments with malware to gain access to protected networks, or deep fakes to fake an identity.

Theses in this area address a variety of questions:

  • How do people behave during social engineering attacks?
  • How can social engineering attacks be detected?
  • Which context factors favor social engineering attacks?
  • How can user interfaces be developed to protect against social engineering attacks?

 

Recommended Skills and Interests

  • Interest in human-centered attacks
  • Knowledge in qualitative and/or quantitative research methods
  • Interest in conducting a thorough literature review

 

Readings

 

Contact

Dr. Verena Distler

Felix Dietz

Security and Privacy in Mixed Reality

Mixed Reality devices are quickly finding their way into users’ daily lives, in particular in the form of head-mounted displays. Users can immerse themselves in virtual worlds or augment the virtual world with physical content, supporting a wide range of application areas, including but not limited to entertainment, work, training, and wellbeing. While these technologies allow an ever-increasing number of exciting features to be built for the aforementioned areas, they also pose challenges and create opportunities for security and privacy.

Theses in this area will broadly deal with two questions: (1) How can Mixed Reality address existing privacy and security challenges? (2) Which challenges regarding privacy and security emerge in the context of Mixed Reality and how can these be mitigated?

 

Recommended Skills and Interests

  • Interest in VR/AR technology
  • Knowledge in qualitative and/or quantitative research methods
  • Interest in conducting a thorough literature review
  • Interest in learning, e.g., Unity

 

Readings

 

Contact

Please provide your CV, your degree certificate and planned start date.

Verena Winterhalter

Viktorija Paneva

Behavioral Biometrics

The use of biometric mechanisms – that is, authentication based on unique features of a user's physique or behaviour – is a convenient and fast alternative to classical token- or knowledge-based authentication. Popular representatives are, e.g., fingerprint, face recognition or keystroke biometrics. However, those systems are usually based on machine learning algorithms, and thus their decisions are hard for users both to comprehend and to influence.

 

In this research area we explore novel approaches to empower users to understand and influence the outcome of (black box) biometric systems and build novel approaches with the user in mind.

Some of the questions guiding this work are:

  • How can users explore and understand influences on the decision-making process of biometric systems?
  • How can user interfaces for biometric systems be designed to more clearly communicate robustness and accuracy of predictions?
  • How can users influence how they are recognized, i.e. by changing their behaviour?
  • How can users be nudged to show more unique behaviour?
  • How can biometric authentication be embedded in natural interaction?

Specific research approaches include but are not limited to investigations of (real-world) user behavior (for example, using observations, interviews, surveys) as well as design, implementation and evaluation of novel security and privacy concepts.

 

Recommended Skills and Interests

  • General interest in biometrics, authentication and machine learning
  • Knowledge in qualitative and/or quantitative research methods
  • Solid programming skills (e.g. Python or Android)

 

Readings

 

Sample Thesis

Reauthentication Concepts for Biometric Authentication Systems on Mobile Devices

 

Contact

Lukas Mecke

Gaze for Security Applications

Eye trackers are becoming increasingly accurate and affordable, and are already integrated into some consumer devices. Gaze behavioural data can reveal a great deal of information about the user. It can also be used as a biometric to enhance users’ security and enable novel authentication concepts.

 

In this research area we explore the use of gaze to enhance security systems and mechanisms. This work tries to answer, among others, the following research questions:

  • What are the characteristics of users’ gaze in security-related contexts? 
  • How can existing security mechanisms be enhanced by means of gaze data?
  • How can gaze data be leveraged to design novel security mechanisms?
  • How can gaze-aware secure systems protect users’ privacy?
 

Recommended Skills and Interests

  • Interest in Security/privacy
  • Interest in learning about eye tracking and machine learning
  • Knowledge in qualitative and / or quantitative research methods
  • Interest in research in the field
  • Good programming skills

 

Readings

 

Contact

Yasmeen Abdrabou

Virtual Reality

The advent of Virtual Reality (VR) devices provides an opportunity to transfer parts of the research that has so far been conducted in the field to the lab. The reason is that virtual reality allows for creating realistic experiences that elicit behavior comparable to the real world. The objective of this thesis is to investigate which research questions are particularly suitable for investigation in VR. In particular, the task of the student is to review previous work that investigated VR as a research tool. Subsequently, one application area should be investigated in more detail. The work will be complemented by a discussion of the strengths and weaknesses of the approach and how it can be expected to generalize to other application areas.

 

Recommended Skills and Interests

  • Interest in VR/AR technology
  • Knowledge in qualitative and/or quantitative research methods
  • Interest in conducting a thorough literature review
  • Interest in learning, e.g., Unity
 
Contact

Oliver Hein

Tangible Secure User Interfaces

In the era of ubiquitous computing, users’ security and privacy are at risk at almost all times. Security and privacy assistants support their users in becoming aware of these risks and taking the appropriate measures to protect their data. However, they often suffer from being too complex, unintuitive and non-engaging. Hence, in order to truly enable less tech-savvy or inexperienced persons to use security and privacy assistants, we argue that such mechanisms must become tangible.

 

Recommended Skills and Interests

  • Interest in Usable Security
  • Knowledge in the area of human-computer interaction & qualitative and/or quantitative research methods
  • Independent thinking and creative problem solving
  • For some projects: interest in Fabrication (e.g. 3D modeling/printing, electronics, soldering)

 

Readings

 

Contact

Sarah Delgado Rodriguez

Further recently offered topics

In the following you will find currently advertised bachelor and master thesis topics, as well as topics for practical projects and seminar papers. If a topic appeals to you and you have detailed questions, please contact the respective contact person.

 

Title

Supervisor

 

BA/MA: A Platform to Support Self-Commitment for Secure Behavior

As cybersecurity threats continue to evolve, the need for innovative tools to promote secure behavior among users is more critical than ever. This thesis offers an exciting opportunity to develop an Android app aimed at facilitating self-commitment to security practices, with a special focus on the adoption of a password manager.
The implementation will involve the creation of a user-centered Android application designed to encourage users to commit to and maintain secure online behaviors. The app will integrate interactive elements that support users in setting security-related goals, tracking progress, and receiving timely reminders to enhance their digital security practices. A key feature will be the promotion of a password manager as a foundational step towards robust cybersecurity.

Research Questions:

  • How can self-commitment tools be effectively implemented in a mobile application to promote secure behaviors?
  • What impact does a self-commitment app have on the adoption and sustained use of a password manager among users?
  • How do reminders and feedback within the app influence user behavior and perception of cybersecurity?

Tasks:

  • Develop an Android app that allows users to set, monitor, and achieve cybersecurity goals through a self-commitment framework
  • Implement interactive features such as goal-setting functionalities, progress tracking, and personalized reminders
  • Evaluate the effectiveness of the app in increasing user engagement, motivation, and adherence to secure behavior practices

 

Candidate Profile:
We are seeking highly motivated Bachelor’s or Master’s students with a background in Computer Science, in Usable Privacy and Security, or related fields. Candidates should possess:

  • Solid programming skills, particularly in Android development
  • Basic knowledge of UI/UX design, usability and usable security
  • Interest in conducting a thorough literature review
  • Interest in Human Computer Interaction
  • Independent thinking and creative problem solving

Doruntina Murtezaj

 

MA: Offline (Quantum) Key Distribution II - Security Analysis: Perceived vs. Actual Security

Imagine that Bob's office is connected to a server via a (quantum-)encrypted link. How could Bob access this server from his home office if he does not have the required hardware at home? Well, he could obtain keys in his office and store them on his personal key-vault token. He could then use the token at home and connect to the server.

The topic of offline distribution of cryptographic keys is of interest to researchers and practitioners alike, also outside the QKD context. Your thesis would revolve around evaluating already existing devices that could be used to store and transfer QKD keys (or symmetric cryptographic keys in general).

More detailed information on the topic of this thesis can be found in this PDF (in English).

Sarah Delgado Rodriguez

 

General Information

Master or Bachelor Thesis at the UniBW

A thesis has to be registered at the examination office after agreeing on a topic. After the registration, a bachelor thesis has to be submitted within 3 months and a master thesis within five months. In addition to the submission of the written thesis, an oral presentation is required. The relevant regulations can be found in ABaMaPO, FPO §5 and in the module manual.
 

 

Our Group's Special Requirements

The "Usable Security and Privacy" group emphasizes collaboration and exchange of ideas and thus requires regular participation in its monthly lab meetings. Careful preparation for these meetings is also required, as students should prepare a short slide-based presentation of the progress of their projects.

Please remember to include code, questionnaires, datasets etc. in the final submission by adding a CD or USB stick. We also expect students to include a short video (3 to 5 minutes) which presents their project and sums up the most important results. In general, documentation of the project with photos or videos is desired.

You can find useful templates and information about student theses on our downloads page.
 

Examples - Finished Theses

Here you can find some examples of finished theses, which can be used as inspiration for your own thesis:

 

Reauthentication Concepts for Biometric Authentication Systems on Mobile Devices

Bachelor's Thesis, Author: Sarah Delgado Rodriguez, LMU Munich, Date of submission: 04.10.2018

 

Time-constrained access control for mobile devices

Master's Thesis, Author: Fabian Hartmann, LMU Munich, Date of submission: 03.08.2015