Completed Theses - System Security | Paderborn University

30.09.2025

MA: Analyzing and Circumventing Network Censorship through TCP and TLS Fragmentation

Abstract: The free flow of information on the Internet is crucial for billions of people. The flow of information is restricted by network censors. One well-known network censor is the Great Firewall of China, which applies sophisticated network censorship measures. To circumvent its censorship, we consider TCP and TLS fragmentation as useful circumvention techniques. Extending an existing research tool, we show the Great Firewall to be…

MA: Ana­lyz­ing and Cir­cum­vent­ing Net­work Cen­sor­ship through TCP and TLS Frag­ment­a­tion

BA: Se­cur­ity Ana­lys­is of Zoom Team Chat

BA: A QUICkFind­er Ana­lys­is of Ap­proaches to Find QUIC en­abled Serv­ers

MA: Cen­sor­ship of WebRTC in UAE

✏️ MA: Se­cur­ity Ana­lys­is of the Ro­bot Sim­u­la­tion Soft­ware ROBOGUIDE

MA: Se­cur­ity Ana­lys­is of FIDO Device On­boad­ing Pro­tocol

BA: An Over­view and Eval­u­ation of DPI-Evad­ing In­ter­net Cen­sor­ship Cir­cum­ven­tion Tools

MA: By­passing QUIC Cen­sor­ship: A Study on QUIC and TLS Cir­cum­ven­tions

BA: Cen­sor­ship Probe Scan­ner with Re­com­mend­a­tions

MA: Build­ing a Frame­work for Vul­ner­ab­il­ity-Fix­ing Com­mits

✏️ BA: Eval­u­at­ing the In­ter­ac­tion of TLS Cli­ent Cer­ti­fic­ates and Ses­sion Tick­ets in Vir­tu­al Host­ing

MA: Sys­tem­at­ic Se­cur­ity Eval­u­ation of OWL-Live.de

MA: Large-Scale Ana­lys­is of Auto­Con­fig/Autodis­cov­er for E-Mail

✏️ MA: In­vest­ig­at­ing HT­TP Cen­sor­ship in China and Ir­an

BA: Test Frame­work for a Sys­tem­at­ic Eval­u­ation of XML Pars­ers

BA: Ana­lys­is of TLS Ses­sion Tick­ets on E-Mail Serv­ers

✏️ MA: Breach­ing Di­git­al Bor­ders: Ana­lys­is and Cir­cum­ven­tion of DNS Cen­sor­ship

BA: Se­cur­ity Ana­lys­is of 3D Print­er Web In­ter­faces

MA: Auto­mated Eval­u­ation of QUIC Cen­sor­ship

✏️ BA: Evad­ing Cen­sor­ship with HT­TP Re­quest Smug­gling

BA: Se­cur­ity Ana­lys­is of Col­lab­or­a­tion Tools on the Ex­ample of Zulip

MA: Us­age Ana­lys­is of G-Codes in Sli­cing Soft­ware

MA: Se­cur­ity Ana­lys­is of a Mod­ern Con­fer­en­cing Sys­tem: Open­Vidu

BA: Ana­lyz­ing Proxy Cen­sor­ship

✏️ MA: Par­ti­tion­ing Or­acle At­tacks against TLS Ses­sion Tick­ets

MA: Ana­lyz­ing Cen­sor­ship Be­ha­vi­or: Dif­fer­ences in and between Autonom­ous Sys­tems

MA: Eval­u­ation of the se­cur­ity of SSH on em­bed­ded devices

MA: An Ex­ten­ded Ana­lys­is of DTLS Im­ple­ment­a­tions Us­ing Pro­tocol State Fuzz­ing

BA: Se­cur­ity Ana­lys­is of a Pace­maker Pro­gram­mer

MA: Se­cur­ity Ana­lys­is of the Open Pack­aging Con­ven­tions on the Ex­ample of OOXML and 3MF

BA: Con­tent Se­cur­ity Policy: An Up­dated Look at the Evol­u­tion and Se­cur­ity of De­ployed Policies

✏️ BA: Large Scale Scan­ning of TLS Ses­sion Tick­et Con­fu­sion

⭐ MA: Ana­lyz­ing the QUIC Eco­sys­tem With the QUIC-Scan­ner

BA: In­ter­net-Wide Ana­lys­is of 3D Print­er Web In­ter­faces

BA: Re­as­sess­ing XML Pars­er Vul­ner­ab­il­it­ies

MA: XML Sig­na­ture Fuzz­ing

MA: X.509-An­vil: A Com­bin­at­or­i­al Test­ing Frame­work for X.509

MA: Dis­cov­er­ing Vul­ner­ab­il­it­ies in TLS Lib­rar­ies Us­ing CI-Driv­en Re­gres­sion Tests

BA: Se­cur­ity Ana­lys­is of TLS Cli­ent Au­then­tic­a­tion in Mod­ern Web Serv­ers

MA: Dy­nam­ic Ana­lys­is of TLS Prop­er­ties in iOS Apps

MA: DANE Scan­ner De­vel­op­ment and Ana­lys­is of DANE Eco­sys­tem in the Wild

⭐✏️ MA: Ana­lyz­ing and Cir­cum­vent­ing ESNI-/ECH-Based Cen­sor­ship

BA: Ana­lyz­ing Se­cur­ity As­pects Of The DNS Eco­sys­tem

⭐ BA: Web Key Dir­ect­ory and oth­er key ex­change meth­ods for Open­P­GP

MA: Eval­u­at­ing the Im­pact of Manger­’s At­tack on the SSH Eco­sys­tem

BA: Re-eval­u­ation of At­tacks on Email Sig­na­tures

MA: State Learn­ing of STARTTLS Re­lated Pro­tocol Im­ple­ment­a­tions

✏️ MA: On the Se­cur­ity of 3D Print­ers: Ana­lyz­ing the Im­pact of Ma­chine Codes

MA: Black­box Eval­u­ation of Ran­dom­ness in TLS Hand­shakes

MA: Act­ive TLS-Serv­er Fin­ger­print­ing us­ing Pro­tocol State Fuzz­ing

✏️ BA: Se­cur­ity Ana­lys­is of eduMEET

BA: Get­ting to the Ori­gin: On Ex­plor­ing the Ori­gin Pro­tec­tion of In­cap­su­la’s Cli­ents

MA: Ana­lys­is of Se­cure Device On­board­ing

BA: Min­ing Your P’s and Q’s - Re­vis­ited

BA: Ab­wehr von an­wendung­s­pro­tokollüber­gre­ifenden An­grif­fen in TLS-Bib­lio­thek­en

MA: WebRTC and E2E-En­cryp­tion in Con­fer­en­cing Sys­tems

✏️ MA: Se­cur­ity Ana­lys­is of File Formats for 3D Print­ing Soft­ware

BA: Se­cur­ity Ana­lys­is of DDoS Solu­tion Pro­viders

⭐✏️ BA: Se­cur­ity Ana­lys­is of the Web Con­fer­en­cing Sys­tem BigBlue­But­ton

BA: Eval­u­ation of TLS serv­er con­fig­ur­a­tion com­pat­ib­il­ity to BSI TR-02102-2 and NIST SP 800-52

⭐✏️ MA: Eval­u­ation of TLS ses­sion tick­ets

MA: Se­cur­ity eval­u­ation of STARTTLS and TLS con­fig­ur­a­tion in the email eco­sys­tem

MA: Auto­mat­ic Scan­ning of TLS Cli­ents

MA: Black­box eval­u­ation of ran­dom­ness in TLS

MA: Analyzing and Circumventing Network Censorship through TCP and TLS Fragmentation

BA: Security Analysis of Zoom Team Chat

BA: A QUICkFinder Analysis of Approaches to Find QUIC enabled Servers

MA: Censorship of WebRTC in UAE

✏️ MA: Security Analysis of the Robot Simulation Software ROBOGUIDE

MA: Security Analysis of FIDO Device Onboading Protocol

BA: An Overview and Evaluation of DPI-Evading Internet Censorship Circumvention Tools

MA: Bypassing QUIC Censorship: A Study on QUIC and TLS Circumventions

BA: Censorship Probe Scanner with Recommendations

MA: Building a Framework for Vulnerability-Fixing Commits

✏️ BA: Evaluating the Interaction of TLS Client Certificates and Session Tickets in Virtual Hosting

MA: Systematic Security Evaluation of OWL-Live.de

MA: Large-Scale Analysis of AutoConfig/Autodiscover for E-Mail

✏️ MA: Investigating HTTP Censorship in China and Iran

BA: Test Framework for a Systematic Evaluation of XML Parsers

BA:  Analysis of TLS Session Tickets on E-Mail Servers

✏️ MA: Breaching Digital Borders: Analysis and Circumvention of DNS Censorship

BA: Security Analysis of 3D Printer Web Interfaces

MA: Automated Evaluation of QUIC Censorship

✏️ BA: Evading Censorship with HTTP Request Smuggling

BA: Security Analysis of Collaboration Tools on the Example of Zulip

MA: Usage Analysis of G-Codes in Slicing Software

MA: Security Analysis of a Modern Conferencing System: OpenVidu

BA: Analyzing Proxy Censorship

✏️ MA: Partitioning Oracle Attacks against TLS Session Tickets

MA: Analyzing Censorship Behavior: Differences in and between Autonomous Systems

MA: Evaluation of the security of SSH on embedded devices

MA: An Extended Analysis of DTLS Implementations Using Protocol State Fuzzing

BA: Security Analysis of a Pacemaker Programmer

MA: Security Analysis of the Open Packaging Conventions on the Example of OOXML and 3MF

BA: Content Security Policy: An Updated Look at the Evolution and Security of Deployed Policies

✏️ BA: Large Scale Scanning of TLS Session Ticket Confusion

⭐ MA: Analyzing the QUIC Ecosystem With the QUIC-Scanner

BA: Internet-Wide Analysis of 3D Printer Web Interfaces

BA: Reassessing XML Parser Vulnerabilities

MA: XML Signature Fuzzing

MA: X.509-Anvil: A Combinatorial Testing Framework for X.509

MA: Discovering Vulnerabilities in TLS Libraries Using CI-Driven Regression Tests

BA: Security Analysis of TLS Client Authentication in Modern Web Servers

MA: Dynamic Analysis of TLS Properties in iOS Apps

MA: DANE Scanner Development and Analysis of DANE Ecosystem in the Wild

⭐✏️ MA: Analyzing and Circumventing ESNI-/ECH-Based Censorship

BA: Analyzing Security Aspects Of The DNS Ecosystem

⭐ BA: Web Key Directory and other key exchange methods for OpenPGP

MA: Evaluating the Impact of Manger’s Attack on the SSH Ecosystem

BA: Re-evaluation of Attacks on Email Signatures

MA: State Learning of STARTTLS Related Protocol Implementations

✏️ MA: On the Security of 3D Printers: Analyzing the Impact of Machine Codes

MA: Blackbox Evaluation of Randomness in TLS Handshakes

MA: Active TLS-Server Fingerprinting using Protocol State Fuzzing

✏️ BA: Security Analysis of eduMEET

BA: Getting to the Origin: On Exploring the Origin Protection of Incapsula’s Clients

MA: Analysis of Secure Device Onboarding

BA: Mining Your P’s and Q’s - Revisited

BA: Abwehr von anwendungsprotokollübergreifenden Angriffen in TLS-Bibliotheken

MA: WebRTC and E2E-Encryption in Conferencing Systems

✏️ MA: Security Analysis of File Formats for 3D Printing Software

BA: Security Analysis of DDoS Solution Providers

⭐✏️ BA: Security Analysis of the Web Conferencing System BigBlueButton

BA: Evaluation of TLS server configuration compatibility to BSI TR-02102-2 and NIST SP 800-52

⭐✏️ MA: Evaluation of TLS session tickets

MA: Security evaluation of STARTTLS and TLS configuration in the email ecosystem

MA: Automatic Scanning of TLS Clients

MA: Blackbox evaluation of randomness in TLS