# Theses topics, completed

The following list describes completed theses or internships. You should get an impression of which kind of theses you can do with us. If you are interested in writing a thesis with us, contact us.

- Secure mobile phone calls
- Modern mobile phones allow for a lot of additional software. The aim of this thesis is to demonstrate by an actual implementation that secure mobile calls are possible (and transparent).
- Execute This! Analyzing unsafe and malicious dynamic code loading in Android applications
- The design of the Android system allows applications to load additional code from external sources at runtime. On the one hand, malware can use this capability to add malicious functionality after it has been inspected by an application store or anti-virus engine at installation time. On the other hand, developers of benign applications can inadvertently introduce vulnerabilities. In this thesis, we systematically analyze the security implications of the ability to load additional code in Android. We developed a static analysis tool to automatically detect attempts to load external code using static analysis techniques, and we performed a large-scale study of 1,632 popular applications from the Google Play store, showing that loading external code in an insecure way is a problem in as much as 9.25% of those applications and even 16% of the top 50 free applications. We also show how malware can use code-loading techniques to avoid detection by exploiting a conceptual weakness in current Android malware protection. Finally, we propose modifications to the Android framework that enforce integrity checks on code to mitigate the threats imposed by the ability to load external code.
- Factoring-based cryptography: The Hofheinz-Kiltz-Shoup cryptosystem
- Security is a crucial property for any cryptographic system. The scientific approach of modern cryptography relates the security property to the difficulty of some well-studied mathematical problem. One of the most famous of such problems is factoring composite numbers. Hofheinz, Kiltz, and Shoup (2011) present a system whose security is provably equivalent to the factoring problem. It is referred to as the Hofheinz-Kiltz-Shoup cryptosystem (HKS). However, the HKS is not a public key encryption scheme for arbitrary data, but rather a key encapsulation mechanism (KEM) for transmitting randomly generated keys. To actually encrypt and decrypt data, a KEM has to be used in combination with a data encapsulation mechanism (DEM). The formalization of KEM/DEM is due to Cramer and Shoup (2004). We discuss how to get rid of the two common assumptions underlying the HKS construction: the infinitude of Sophie Germain primes and the existence of a second-preimage resistant hash function. For this, we apply the notion of "safe prime" suggested by von zur Gathen and Shparlinski (2013) to the HKS, making the key generation algorithm of the HKS unconditionally efficient. Furthermore, we provide three different variations of the HKS, all of them circumventing the hash function requirement of the original HKS. By this, the additional assumption of a second-preimage resistant hash function can be dropped, and the system gets conceptually simpler. With the third variant, we finally present a complete public key encryption scheme secure solely under the factoring assumption and liberated from the KEM/DEM paradigm.
- Non-cooperatively computable functions
- Mutually distrusting parties can evaluate a function on their private data using secure multi-party computation protocols. In the standard multi-party computation setting we want to achieve a correct result, while not revealing anything about the inputs. In this work we consider the case that some parties have goals beyond correctness and privacy and therefore might not follow the protocol honestly. Non-cooperative computation considers players that wish to gain as much information from the execution of a protocol as possible, while preventing others from learning anything at all. In this work we formally introduce the goals of such players. We show when it is an optimal strategy for all players to input correct data and believe the return value. We generalize the existing results on non-cooperatively computable Boolean functions by presenting a theorem for non-cooperatively computable functions for general functions.
- Decomposition of polynomials
- One is interested in functional decomposition f = g(h) of polynomials. First an algorithms is described, which computes decompositions in polynomial time. This algorithm was originally proposed by Zippel (1991). A bound for the number of minimal collisions is derived. Finally a proof of a conjecture in von zur Gathen et al. (2010) is given, which states a normal form for a special class of decomposable polynomials.
- Elliptic curve signatures with security reductions
- Recently, several signature schemes have been proposed that offer additional features and have strong security reductions. Investigation of existing schemes may lead to further new features.
- Web application vulnerabilities and exploits
- The thesis will provide an insight into the security aspects of Digital Signatures and Digital Certificates, the desired properties of a Web Application providing issuance, revocation, etc. of Digital Certificates; and cover various attack models exploiting the vulnerabilities in such a Web Application. It would aim toward exploring how(why) various attacks exploit flaws in the design and implementation of a web application and their countermeasures.
- An In-Depth Study of Contemporary Hash Functions
- The thesis covers an exhaustive study of selected contemporary hash functions, namely the potential candidates of the Advanced Hash Standard. Hash functions are the backbone of many cryptographic protocols and are used extensively for example for digital signatures. Thus, hash functions form an integral part of internet security, and need to be constructed very carefully. The thesis carries out a comprehensive study on the security and the efficiency of the candidate hash functions. The best comparative option will be reported. Ongoing.
- Secure sms
- Modern mobile phones allow for a lot of additional software. The aim of this thesis is to demonstrate by an actual implementation that secure sms are possible and simple.
- Identity Based Encryption
- Identity based encryption and security reductions are two hot topics in cryptography. This thesis aims to provide better solutions for identity based encryption with the high demands of security reductions based on weakly secure primitives. Completed.
- Quantum cryptanalysis and cryptography
- In recent years, quantum computers and quantum channels were often discussed. It is not clear whether we will ever have scalable quantum computers. But if so most of the known public key cryptography breaks down. This is so since a quantum computer can solve discrete log and factorization problems in polynomial time. Cryptographers are challenged to find new schemes on the one hand potentially unbreakable even if quantum computers were available, to break more nowadays schemes using quantum computers, to use quantum mechanisms to design new schemes. Several open.
- Counting coarse-grained integers
- A coarse-grained integer is an integer whose few prime factors stem from a given interval. The issue of this thesis is to learn more about the number of such integers below a given bound x. Develop and prove a formula for the number of coarse-grained integers in the spirit of Riemann. Transfer theory and algorithms for prime counting to counting coarse-grained integers.
- Cryptographic analysis of Bitcoin-like protocols
- There are many digital currencies around. One of the most famous are Bitcoins, invented in 2008 by the pseudonymous developer Satoshi Nakamoto. Any Bitcoin is defined as the sequence of all digitally signed transactions that began with its creation through Bitcoin mining. Thus, even though there is some anonymity in the protocol, it is in principle possible to trace all performed transactions. To circumvent this problem various protocols such as Zerocoin have been designed that claim to have full anonymity. The main goal of this thesis is to analyze selected existing Bitcoin-like protocols in a strong cryptographic context. Own implementations or protocol-improvements can complement the thesis.