Theses

In the following you will find the main research areas for which we offer bachelor and master theses as well as practical projects (individual / group projects) and seminars. For a specific topic and questions about the research areas, please contact the appropriate contact person.

The rapid development of digital technologies and the increasing threat to cybersecurity have led to a growing need for innovative security solutions in public spaces. An example of user interfaces that can enhance security behavior are Public Security User Interfaces. These are interfaces positioned in shared, non-personal areas, providing information or interactions on security-relevant topics. These interfaces play a crucial role in delivering security information, creating awareness, triggering actions and sparking conversations to promote secure behavior. The primary goal of this research is to explore the design, implementation, and impact of Public Security User Interfaces, to facilitate users' transition from cybersecurity awareness to habitual secure behavior.

Thesis topics in this area include:

• Behavioral analysis of user interaction with Public Security User Interfaces
• Personalization strategies to support secure behavior
• Content selection and dynamic adaptation to target audiences and contextual factors

Recommended knowledge and interests:

• Knowledge in Human-Computer Interaction
• Knowledge in Usable Security and Privacy
• Interest in Public Displays
• Interest in conducting a thorough literature review
• Independent thinking and creative problem solving

Contact:

Doruntina Murtezaj

Cybercrime currently causes global economic damage amounting to several trillion euros (Germany 2018: approx. 100 billion euros). According to expert analyses, in up to 90% of cases this damage is a direct or indirect result of attacks that focus on humans. Here, attackers exploit authority, fear, curiosity or helpfulness with the aim of manipulating their victims to obtain sensitive data. Examples include phone calls to obtain user credentials, emails containing attachments with malware to gain access to protected networks, or deep fakes to fake an identity.

Theses in this area address a variety of questions:

• How do people behave during social engineering attacks?
• How can social engineering attacks be detected?
• Which context factors favor social engineering attacks?
• How can user interfaces be developed to protect against social engineering attacks?

Recommended Skills and Interests

• Interest in human-centered attacks
• Knowledge in qualitative and/or quantitative research methods
• Interest in conducting a thorough literature review

Readings

• Ethics Emerging: the Story of Privacy and Security Perceptions in Virtual Reality
  https://www.usenix.org/system/files/conference/soups2018/soups2018-adams.pdf
• Exploring the Unprecedented Privacy Risks of the Metaverse
  https://arxiv.org/pdf/2207.13176.pdf

Contact

Dr. Verena Distler

Felix Dietz

Mixed Reality devices quickly find their way into users’ daily life, in particular in the form of head-mounted displays. Users can emerge into virtual worlds or augment the virtual world with physical content, supporting a wide range of application areas, including but not limited to entertainment, work, training, and wellbeing. While these technologies allow an ever-increasing number of exciting features to be built for the aforementioned areas, they also pose challenges and create opportunities for security and privacy.

Theses in this area will broadly deal with two questions: (1) How can Mixed Reality address existing privacy and security challenges? (2) Which challenges regarding privacy and security emerge in the context of Mixed Reality and how can these be mitigated?

Recommended Skills and Interests

• Interest in VR/AR technology
• Knowledge in qualitative and/or quantitative research methods
• Interest in conducting a thorough literature review
• Interest in learning, e.g Unity

Readings | Literatur

• Ethics Emerging: the Story of Privacy and Security Perceptions in Virtual Reality
  https://www.usenix.org/system/files/conference/soups2018/soups2018-adams.pdf
• Exploring the Unprecedented Privacy Risks of the Metaverse
  https://arxiv.org/pdf/2207.13176.pdf 

Contact

Oliver Hein

Felix Dietz

Behavioral Biometrics

The use of biometric mechanisms – that is authentication that is based on unique features of a user's physique or behaviour – is a convenient and fast alternative to classical token- or knowledge-based authentication. Popular representatives are e.g. fingerprint, face recognition or keystroke biometrics. However, those systems are usually based on machine learning algorithms and thus decisions are both hard to comprehend and influence for users.

In this research area we explore novel approaches to empower users to understand and influence the outcome of (black box) biometric systems and build nove approaches with the user in mind.

Some of the questions guiding this work are:

• How can users explore and understand influences on the decision making process of biometric systems
• How can user interfaces for biometric systems be designed to more clearly communicate robustness and accuracy of predictions
• How can users influence how they are recognized, i.e. by changing their behaviour
• How can users be nudged to show more unique behaviour
• How can biometric authentication be embedded in natural interaction

Specific research approaches include but are not limited to investigations of (real-world) user behavior (for example, using observations, interviews, surveys) as well as design, implementation and evaluation of novel security and privacy concepts.

Recommended Skills and Interests

• General interest in biometrics, authentication and machine learning
• Knowledge in qualitative and/or quantitative research methods
• Solid programming skills (e.g. Python or Android)

Readings

• Comparing passwords, tokens, and biometrics for user authentication (http://www.nikacp.com/images/10.1.1.200.3888.pdf)
• An introduction to biometric recognition (https://www.cse.msu.edu/~rossarun/pubs/RossBioIntro_CSVT2004.pdf)
• Touch me once and I know it’s you! Implicit Authentication based on Touch Screen Patterns (https://www.medien.ifi.lmu.de/pubdb/publications/pub/deluca2012chi/deluca2012chi.pdf)

Sample Thesis

Reauthentication Concepts for Biometric Authentication Systems on Mobile Devices

Contact

Lukas Mecke

Gaze for Security Applications

Eye trackers are increasingly becoming more accurate, affordable, and are already integrated into some consumer devices. The use of gaze behavioural data can reveal many information about the user. It can also be used as a biometric to enhance user’s security and enable novel authentication concepts.

In this research area we explore the use of gaze to enhance security systems/mechanisms. This work tries to answer -and not limited to - the following research questions:

• What are the characteristics of users’ gaze in security-related contexts? 
• How can existing security mechanisms be enhanced by means of gaze data?
• How can gaze data be leveraged to design novel security mechanisms?
• How can gaze-aware secure systems protect users’ privacy?

Recommended Skills and Interests

• Interest in Security/privacy
• Interest to learn about eye tracking and machine learning
• Knowledge in qualitative and / or quantitative research methods
• Interest in research in the field
• Good programming skills

Readings

• What Does Your Gaze Reveal About You? On the Privacy Implications of Eye Tracking (https://link.springer.com/chapter/10.1007/978-3-030-42504-3_15)
• The Role of Eye Gaze in Security and Privacy Applications: Survey and Future HCI Research Directions (https://dl.acm.org/doi/abs/10.1145/3313831.3376840)
• Eye tracking in human-computer interaction and usability research: Current status and future prospects (https://www.researchgate.net/publication/230786738_Eye_tracking_in_human-computer_interaction_and_usability_research_Current_status_and_future_prospects)
• Influences of Human Cognition and Visual Behavior on Password Strength during Picture Password Composition
  (https://dl.acm.org/doi/abs/10.1145/3173574.3173661)
• Look into my eyes!: can you guess my password?
  (https://dl.acm.org/doi/abs/10.1145/1572532.1572542)

Contact

Yasmeen Abdrabou

Virtual Reality

The advent of Virtual Reality (VR) devices provides an opportunity to transfer parts of the research until now being conducted in the field to the lab. The reason is that virtual reality allows for creating realistic experiences that elicit behavior comparable to the real world. The objective of this thesis is to investigate, which research questions are particularly suitable for investigation in VR. In particular, the task of the student is to review previous work that investigated VR as a research tool. Subsequently, one application area should be investigated in more detail. The work will be complemented by a discussion of the strengths and weaknesses of the approach and how it can be expected to generalize to other application areas.

Recommended Skills and Interests

• Interest in VR/AR technology
• Knowledge in qualitative and/or quantitative research methods
• Interest in conducting a thorough literature review
• Interest in learning, e.g Unity

Contact

Oliver Hein

Tangible Secure User Interfaces

In the era of ubiquitous computing, users’ security and privacy is at risk at almost all times. Security and privacy assistants support their users in becoming aware of these risks and taking the appropriate measures to protect their data. However, they often suffer from being too complex, not intuitive and non-engaging. Hence, in order to truly enable less tech-savvy or inexperienced persons to use security and privacy assistants, we argue that such mechanisms must become tangible.

Recommended Skills and Interests

• Interest in Usable Security
• Knowledge in the area of human-computer interaction & qualitative and/or quantitative research methods
• Independent thinking and creative problem solving
• For some projects: interest in Fabrication (e.g. 3D modeling/printing, electronics, soldering)

Readings

• Take Your Security and Privacy Into Your Own Hands! Why Security and Privacy Assistants Should be Tangible https://dl.gi.de/handle/20.500.12116/37360
• Making Privacy Graspable: Can we Nudge Users to use Privacy Enhancing Techniques? https://arxiv.org/abs/1911.07701
• Privacy Itch and Scratch: On Body Privacy Warnings and Controls https://dl.acm.org/doi/10.1145/2851581.2892475
• Privacy Care: A Tangible Interaction Framework for Privacy Management https://dl.acm.org/doi/10.1145/3430506

Contact

Sarah Delgado Rodriguez

Im Folgenden finden Sie aktuell ausgeschriebene Bachelor- und Masterarbeitsthemen, sowie Arbeitsthemen zu Praxisprojekten und Seminararbeiten. Falls Ihnen ein Thema zur Bearbeitung zusagt und Sie detaillierte Fragen haben, wenden Sie sich bitte an die entsprechende Kontaktperson.