Pro­ce­du­re of a The­sis

You can find more information on how to write a thesis on the faculty website (for BA, for MA).

The process of writing the thesis is (roughly) as follows:

  1. You contact us stating you are interested in a thesis. If you see a topic on this site that you'd like to work on, mention it. Otherwise, please try to outline what you are interested in so that we can brainstorm to find a topic together.
    • Please also include an overview of your grades (screenshot from PAUL is sufficient). We can use this to assess your knowledge in topics related to your thesis.
  2. We meet and outline a topic for you to work on.
  3. We provide you with a challenge. The challenge will be a small practical task that tests your understanding of the topic prior to writing the exposé. You come back to us with your results and, if sufficient, you can start with the exposé.
  4. We create an internal git-group that includes a repository for you that contains templates for the exposé and the thesis. We require you to use these templates. The git-group can also be used for any repositories that you want to create during the thesis (e.g., for the project you implement).
  5. You write an exposé (others may call it proposal) which outlines the topic. That is, it provides a motivation, some background information, an overview over related work, and an outline of the work you want to do in your thesis. Please take a look at the template for this.
    • During this time, we will reserve the topic for you. Therefore, we will set a deadline for your exposé. If you cannot meet this deadline, you have to at least write us and notify us of this. Otherwise, we think you do not want to continue with this topic and might give it to someone else.
    • If you do not want to continue with this topic, please tell us such that we do not block the topic indefinitely.
    • You submit your finished exposé to us, and we prove read it once. Afterwards, you fix the mistakes in the exposé.
  6. Next, you/we need to find a second supervisor. (In most cases, this is another professor at our university.)
  7. You can register your thesis in PAUL
  8. You'll get a document to fill out, which you and your first supervisor have to sign.
  9. You hand this document and the exposé to the examination office. This is the official start of your thesis.
    • During your thesis we meet every two weeks on Tuesdays (starting at 10 AM and, normally, finishing between 11 and 12 AM). There you present what you have achieved in the last two weeks and what you want to achieve in the next two weeks. For the organization of this meeting, please join this KOMO course (the access key is TES54).
    • At the beginning of your thesis, you will present your topic to the other students in the regular meeting. This is not an official part of your thesis and, thus, not graded. This initial talk serves as a brief introduction to your topic, so everyone in the meeting understands your goals. The talk should not exceed 10 minutes.
    • At the end of your thesis, you will have a final talk. This is part of your thesis and, thus, graded. The talk should present your topic and your results concisely. It should not exceed 25 minutes.
    • More information can be found in the thesis template's README that you'll be provided with once you registered your thesis.
  10. You hand in your thesis to the central examination office. Please refer to their websites for more information.

The communication with us can be done in German or English. Bachelor theses can be written in German or English (though we recommend English). Master theses have to be written in English.

Open To­pics

Various state actors around the world deploy some degree of censorship. To prevent users from accessing specific websites, they alter, drop, and redirect connection attempts to websites and services they deem malicious. Countries facilitate censorship by inspecting protocols like IP, TPC, HTTP, DNS, TLS, and VPNs. The sophistication of censors varies as much as the techniques they use. Overall, this leads to a diverse landscape of censorship…

Mehr erfahren

Plain text formats are used everywhere, from data storage and transfer to configurations of tools. Often languages like XML, YAML, JSON, or TOML are used. To make it easier on the developer to work with these files, programming languages have standard modules and third-party libraries to parse them. In a thesis on this topic, you would add Dockerfiles for parsers in many of the most popular programming languages to an existing framework. As each…

Mehr erfahren

QUIC is a modern transport protocol initially developed by Google and standardised by the IETF that aims to improve internet performance and security by integrating transport and cryptographic functions using TLS. In 2022, Nawrocki et al. analyzed QUIC deployment in the wild focusing on handshakes having unnecessary additional round trips impacting performance or exceeding the so-called amplification limit. The amplification limit is a limit…

Mehr erfahren

Transport Layer Security (TLS) is a cryptographic protocol designed to provide secure communication over a computer network. TLS session tickets are a part of TLS, allowing for reuse of previously established session parameters and secrets to allowing for faster handshakes up to 0-RTT resumption (in TLS 1.3) and reduced computational workload. QUIC is a modern transport protocol initially developed by Google and standardised by the IETF that…

Mehr erfahren

The Internet connects people, organizations, companies, and institutions worldwide. In recent years, this interconnectivity has been challenged by state actors intentionally and unintentionally. Regulations, technical shortcomings, and more can lead to parts of the internet being almost or completely inaccessible for some people (usually bound by geographical location). This process is referred to as Internet Fragmentation. Internet…

Mehr erfahren

X.509 certificates are used in TLS connections to verify the identity of clients and servers. To this end, clients and servers have to check whether a certificate is valid and correctly signed. Furthermore, clients and servers can verify whether a specific certificate has been revoked by the issuing certificate authority. Two known and used revocation mechanism are OCSP and CRL. In this thesis, you evaluate different TLS server applications for…

Mehr erfahren

LoRaWAN is a wireless protocol which allows long-range low-power communications and therefore uses symmetric keys for authentication and encryption. To ease integration and deployment, the devices are pre-provisioned with keys at the production process. Here, often secure elements are utilized to save the key tamper-proof in the device. But in some cases keys are not trustworthy for example if they are transferred via an insecure channel e. g.…

Mehr erfahren

TLS-Attacker is a Java-based framework for analyzing TLS libraries. It is able to send arbitrary protocol messages in an arbitrary order to the TLS peer, and define their modifications using a provided interface. This gives the developer an opportunity to easily define a custom TLS protocol flow and test it against his TLS library. In cooperation with the Ruhr University Bochum, we are constantly extending this library and provide new TLS…

Mehr erfahren